Art Basel's parent company MCH Group warns of possible data breach after criminal cyber attack

The Basel-based MCH Group, which operates the Art Basel fairs, says all its events will go ahead as scheduled © Art Basel
Art Basel’s parent company, the MCH Group, was hit by a criminal cyber attack using malware last month and is working with police and the Swiss cyber security authorities to identify those behind the attack, the fair says in a statement.
The extent of the data breach is not yet fully known but current information “suggests that the perpetrators may have gained access to data such as personal contact details” of customers, employees and partners, the company says. It says it has now secured its most important communication channels.
Art Basel warned clients to “exercise caution when dealing with unknown contacts, for instance if you are contacted by third parties by e-mail or telephone, who may represent themselves as your bank, internet provider or insurance company”. On its website, MCH Group advised customers to change any passwords connected to the company’s services and accounts and those of any other accounts for which they used the same passwords.
The MCH Group has filed a criminal complaint against the unidentified perpetrators of the attack, which took place on 20 October and was detected by the company’s security systems, according to a blog post on its website. In addition to art fairs, the Basel-based company operates hundreds of events for industries including construction, life sciences and hospitality.
Art Basel staged its first live edition since 2019 in September and its Miami Beach fair is due to take place on 2-4 December. The fairs’ customers include some of the world’s wealthiest people. MCH Group says all its events will still go ahead as scheduled.
The attack on the MCH Group is the latest in a spate of cyber crimes in Switzerland. Earlier in October, the municipality of Montreux identified an attack on its IT systems. The magazine Beobachter reported in October that around 2,700 Swiss companies had their data stolen and put up for sale on darknet markets last year.

source