A data breach at Christie’s auction house has revealed the exact whereabouts of art owned by some of the world’s wealthiest collectors.
Hundreds of Christie’s clients who had uploaded photographs of their prized paintings and sculptures for the auction house’s review were affected by the cybersecurity incident. Researchers Martin Tschirsich and André Zilch of the German cybersecurity research company Zentrust Partners uncovered the breach when a friend asked them to check how secure the auction house’s data was.
“Unfortunately, it only took us a few minutes to come across this serious vulnerability,” Tschirsich told the . “The vulnerability is so simple that it can be exploited by anyone with a browser within a few minutes.”
“Around 10 percent of the uploaded images contain exact GPS coordinates,” the researchers told the .
That means that their photographs don’t just contain the street address of where they were taken, but the artworks’ exact location within just a few feet.
This kind of vulnerability can be part and parcel for doing business online, with most would-be clients of major auction houses communicating over the internet before agreeing to consign a work.
The team at Zentrust Partners alerted Christie’s to the breach in July, but the issue was only fixed this week. When Tschirsich and Zilch offered to help resolve it—work they often do free of charge, including for the German health care system and election board—the auction house insisted that “we do not require any advice or assistance,” according to the report.
“As cybersecurity researchers we were very surprised by this reaction,” Zilch said, noting that the fix could have been made in a matter of days, if not hours.
It’s unclear if the auction house will communicate directly with clients whose data was compromised. A German professor who recently sent photographs to Christie’s told the that the auction house had not spoken to him about the breach, and that the paper’s investigation was the first he had heard of the issue.
“Christie’s respects its clients concerns about privacy and treats the protection of client information as a top priority. We maintain a comprehensive information security program comprised of safeguards designed to protect against unauthorized access to and disclosure of client information,” the auction house said in a statement provided to Artnet News. “As part of that program, we continuously assess our security safeguards, thoroughly address issues relating to the security of our clients’ information, and comply with our legal and regulatory obligations, including with respect to notifying our clients and applicable regulators.”
More Trending Stories: