On the eve of a marquee week of modern and contemporary art auctions that begin Monday night, Guillaume Cerruti, the chief executive of Christie’s, confirmed that all the company’s live auctions would proceed as scheduled, with bidding in person and by phone, despite a hack that has sidelined its official website since last Thursday. The hack is testing the loyalty of its ultrawealthy clients amid its spring auctions, with sales that account for nearly half of Christie’s annual revenue.
On Sunday evening, in his first public statement since the cyberattack, Cerutti wrote in an email, “We are looking forward to welcoming you to our exhibitions and to registering you to participate in these auctions.” Neither Cerruti nor a spokeswoman for the auction house responded to questions of how the online portion of the auction would continue.
On Thursday, Christie’s experienced what it called a “technology security issue” that took its company website offline, leaving in place an apology and the promise to provide “further updates to our clients as appropriate.” By Sunday, the site was still down.
It was the second time in less than a year that Christie’s had suffered a breach. In August, a German cybersecurity company revealed a data breach at the auction house that leaked the locations of artworks held by some of the world’s wealthiest collectors.
If Christie’s first major sales do take place Tuesday night, as Cerutti promised — the Rosa de la Cruz Collection from the home of the Miami-based art patron, and the 21st Century Evening Sale — they will be tightly choreographed because the majority of lots have pre-sale financial guarantees. Christie’s typically negotiates these deals until the auction begins, which market experts said could lead to an unusual situation where no external bids are needed for the company to say that its Tuesday evening auctions achieved a high selling rate.
Over the weekend, dozens of those potential buyers gathered at the company’s galleries at Rockefeller Center in Manhattan to view the expensive artworks that have a total high estimate of nearly $840 million, and to discuss bidding. Employees led private tours past the giant Andy Warhol “Flowers” silk-screen painting from 1964 that carries a high estimate of $30 million, and down toward the more modestly priced day sales, where a Barbara Kruger artwork proclaiming “You can’t drag your money into the grave with you” had a high estimate of $600,000.
Christie’s employees assured some clients in the galleries that its website would be fixed “imminently,” but on Saturday afternoon, when the company still had not regained control, it replaced a temporary landing page on the site since Thursday with another temporary website produced through a free web design company called Shorthand. The temporary site lets viewers browse online catalogs of upcoming sales but does not allow online bidding or registration.
Behind the scenes, two auction house employees, who asked not to be identified because they were not authorized to speak publicly, described a state of panic in which top leaders remained quiet about the details of the security breach and have not addressed questions from employees about whether the hackers have accessed confidential information about clients and are holding it for ransom.
Several prominent buyers and sellers also said they had been left in the dark about the incident, and that they had not been alerted to the hack until a reporter called.
“A cyberattack like this is the 21st-century equivalent of a hand grenade in a small room,” said the art market lawyer Thomas C. Danziger, who often represents clients at auction. “Twenty-five years ago, it would have been a flood or a hurricane.”
Wendy Cromwell, an art adviser, said that serious buyers would find ways of doing business with the auction house even as it experienced technical difficulties.
“It’s a nightmare, obviously, with all the payment and purchaser data they own. I have not heard from Christie’s regarding my company’s account,” she wrote in an email.
But in terms of the upcoming auctions, she said, “I’m planning to attend the evening sales in person. I don’t usually bid online.”
On Saturday afternoon, as collectors milled through the galleries, a receptionist said Cerutti was not in the office. Cerutti took the reins of the company in 2016 at a time when auction houses were struggling to find strong estates and inventory to draw new buyers.
The hack was bad timing — not just for Christie’s executives, but for the Pinault family, which controls the auction house through Groupe Artémis, a holding company. Artémis also controls Kering, the luxury group that owns fashion brands like Gucci and…
Read More: Hobbled by Cyberattack, Christie’s Says Marquee Sales Will Proceed