A data breach at Christie’s auction house has revealed the exact whereabouts of art owned by some of the world’s wealthiest collectors.
Hundreds of Christie’s clients who had uploaded photographs of their prized paintings and sculptures for the auction house’s review were affected by the cybersecurity incident. Researchers Martin Tschirsich and André Zilch of the German cybersecurity research company Zentrust Partners uncovered the breach when a friend asked them to check how secure the auction house’s data was.
“Unfortunately, it only took us a few minutes to come across this serious vulnerability,” Tschirsich told the Washington Post. “The vulnerability is so simple that it can be exploited by anyone with a browser within a few minutes.”
“Around 10 percent of the uploaded images contain exact GPS coordinates,” the researchers told the Post.
That means that their photographs don’t just contain the street address of where they were taken, but the artworks’ exact location within just a few feet.
This kind of vulnerability can be part and parcel for doing business online, with most would-be clients of major auction houses communicating over the internet before agreeing to consign a work.
The team at Zentrust Partners alerted Christie’s to the breach in July, but the issue was only fixed this week. When Tschirsich and Zilch offered to help resolve it—work they often do free of charge, including for the German health care system and election board—the auction house insisted that “we do not require any advice or assistance,” according to the Post report.
“As cybersecurity researchers we were very surprised by this reaction,” Zilch said, noting that the fix could have been made in a matter of days, if not hours.
It’s unclear if the auction house will communicate directly with clients whose data was compromised. A German professor who recently sent photographs to Christie’s told the Post that the auction house had not spoken to him about the breach, and that the paper’s investigation was the first he had heard of the issue.
“Christie’s respects its clients concerns about privacy and treats the protection of client information as a top priority. We maintain a comprehensive information security program comprised of safeguards designed to protect against unauthorized access to and disclosure of client information,” the auction house said in a statement provided to Artnet News. “As part of that program, we continuously assess our security safeguards, thoroughly address issues relating to the security of our clients’ information, and comply with our legal and regulatory obligations, including with respect to notifying our clients and applicable regulators.”
More Trending Stories:
An 1837 Portrait of an Enslaved Child, Obscured by Overpainting for a Century, Has Been Restored and Acquired by the Met
Rising Artist Ronan Day-Lewis’s ‘Punk Romanticism’ Imbues Desolate American Landscapes With an Eerie, Cinematic Aura
Why Did Yoko Ono’s Arboretum Art Installation in New York Shut Down Early? ‘Unfortunately, Trees Died’
LGDR Gallery Splits Up After Less than Two Years as Founding Partner Jeanne Greenberg Rohatyn Departs
Photographers Recreate Old Master Paintings in Witty and Profound Ways in a New Show at a Princeton University Art Gallery
Blue-Chip Artworks Seized From Top Portuguese Collector Will Be Featured in New Art Museum in Lisbon
Once Celebrated and Then Forgotten, the French Artist Marie Laurencin Is About to Step Into the Limelight Again, Three Decades After Her Death
Follow Artnet News on Facebook:
Want to stay ahead of the art world? Subscribe to our newsletter to get the breaking news, eye-opening interviews, and incisive critical takes that drive the conversation forward.