Christie's slapped with 280 million won penalty, 7.2 million won fine for data breach
Korea JoongAng Daily

Home > Business > Industry

print dictionary print

Christie's slapped with 280 million won penalty, 7.2 million won fine for data breach

Published: 10 Apr. 2026, 14:10
The artwork 'Nu debout et femmes assises' by Pablo Picasso is displayed during a media preview for 'The Art of the Surreal, Evening Sale' at Christie's auction house in central London on Feb. 25. [AFP/YONHAP]

The artwork 'Nu debout et femmes assises' by Pablo Picasso is displayed during a media preview for 'The Art of the Surreal, Evening Sale' at Christie's auction house in central London on Feb. 25. [AFP/YONHAP]

 
Christie's auction house was issued penalties by Korean authorities on Thursday for a data breach that exposed the personal information of hundreds of local clients.
 
The Personal Information Protection Commission said it imposed a 280 million won ($210,000) penalty on Christie’s, along with an additional 7.2 million won fine, and ordered the company to publicly disclose the sanctions for failing to abide by Korean data protection laws.
 

Related Article

 
The breach traces back to May 2024, when Christie’s website went offline ahead of its marquee New York auctions — a peak period for the global art market.  
 
At the time, the outage was suspected to be the result of a cyberattack, raising concerns that sensitive data belonging to ultra-wealthy collectors could have been compromised.  
 
A subsequent investigation found that the breach began when a help desk employee at the auction house fell victim to a voice phishing scheme. The employee granted a hacker posing as an administrator access to Christie’s personal data processing system.
 
“The help desk staff failed to follow identity verification procedures and reissued a password to the hacker, while also changing the phone number required for account access to one controlled by the hacker,” a commission official said.
 
As a result, the personal information of 4,670 registered users, including 620 Korean members, was leaked to the hacker. The leaked data included not only their names, nationalities and addresses, but also highly sensitive identifying information such as resident registration numbers, passport numbers and driver’s license numbers.
 
Korean investigators also found Christie’s had stored such sensitive data, including resident registration and passport numbers, for identity verification purposes, but without encryption.  
 


This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY HAN EUN-HWA [[email protected]]
tags Korea fine penalties Christie's data breach data privacy leak

More in Industry

Musk confirms Samsung, TSMC to produce future AI6 chips

Cheers with Chargé d’Affaires

Samsung Electronics seeks court injunction to prevent union actions impacting production

Record high scrips for Mounjaro for weight loss raise concern that urgent medical cases will get left out

Won-based export settlements hit record high in 2025: BOK

Related Stories

Alarm grows over Coupang data breach that went undetected for 5 months

LG U+ customer data hacked, 180,000 affected

Personal information watchdog chief says SKT probe could take months, a year

Police investigate leak of court, prosecution, police officials' personal information

Coupang's Seoul headquarters raided over data leak
Log in to Twitter or Facebook account to connect
with the Korea JoongAng Daily
help-image Social comment?
s
lock icon

To write comments, please log in to one of the accounts.

Standards Board Policy (0/250자)