Auction House Christie’s Left Customer Data Vulnerable to Hackers, Class Action Lawsuit Claims

New to ClassAction.org? Read our Newswire Disclaimer

British auction house Christie’s has been hit with a proposed class action lawsuit over a May 2024 data breach that compromised the personal information of approximately 500,000 current and former customers.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 56-page data breach lawsuit says that Christie’s was targeted by a hacker group known as RansomHub early last month. A notice letter sent to victims relays that, as a result of the incident, during which cybercriminals gained access to certain files stored in some of the company’s computer systems, highly sensitive information belonging to clients was exposed.

According to the suit, an email Christie’s sent to victims on May 30, 2024 reported that the compromised data included full names, genders, dates of birth, passport numbers and expiration dates, countries of birth, ID numbers and MRZs—the machine-readable code along the bottom of a passport’s identity page.

The case contends that the Christie’s data breach stemmed from the auction house’s negligent cybersecurity protocols, which, as the complaint tells it, left consumers’ private information unencrypted and in a “dangerous condition” in the defendant’s network.

The filing charges that data breach victims now face a continuous risk of being targeted for cybercrimes, and must carefully monitor their financial accounts to protect against fraud and identity theft.

Moreover, the lawsuit alleges the company’s email notice omitted crucial details about the incident, which, per the case, hampers victims’ ability to mitigate any harm caused by the unauthorized disclosure of their data.

The plaintiff, a Dallas resident, says he received notice from Christie’s on May 30 informing him that his personal data had been compromised in the breach. The man claims that the theft of his information has caused him stress and anxiety, “which has been compounded by the fact that [Christie’s] has still not fully informed him of key details about the data breach’s occurrence.”

The lawsuit looks to represent anyone in the United States whose private information was accessed and/or acquired by an unauthorized third party as a result of the data breach reported by Christie’s in May 2024.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.