Christie’s Struggles to Recover from Cyberattack Ahead of Spring Sales

Christie’s is working to recover control of its website following a May 9 cyberattack that took it offline ahead of its major spring modern and contemporary art sales, to take place this week. The spring sales typically generate half of the auction house’s annual revenue, with this year’s iteration carrying a high estimate of $840 million. Christie’s has said that all its live auctions will proceed, with bids being taken in person, over the phone, and online via Christie’s Live.

The source of the attack—the second the company hasexperiencedin the past year—has not been publicly revealed. In the hours immediately following it, the auction house put up a temporary website promising “further updates to our clients as appropriate.” On May 11, it replaced that message with another apology and a link to a temporary site, quickly assembled on the free online platform Shorthand, that allows viewers to browse the works on sale but not to bid on them.

Though the breach is alarming for Christie’s in that it may result in a loss of client confidence regarding the company’s ability to protect sensitive customer data, it is not widely expected to seriously dent sales, as many deals are hammered out in the weeks, days, and even minutes immediately preceding an auction, with wealthy buyers often preferring to see the works in person. 

In addition to arriving at a particularly inopportune time, the attack comes at a bad moment for the Pinault family, which owns Christie’s through its Groupe Artémis: The family also controls fashion conglomerate Kering, which in March issued a profit warning after sales of Gucci, its biggest brand, tumbled 20 percent year over year in the first quarter.