Christie’s class action alleges auction house’s data breach affects 500,000

Christie’s data breach lawsuit overview: 

• Who: A customer of Christie’s auction house has filed a class action lawsuit against the company.
• Why: Plaintiff Efstathios Maroulis alleges the auction house’s negligence led to a data breach that exposed at least 500,000 customers’ private information to cybercriminals.
• Where: The Christie’s data breach class action lawsuit was filed in a New York federal court.

The world-renowned auction house Christie’s has been slammed with a lawsuit alleging it was negligent with its customers’ private information, allowing it to be stolen by cybercriminals.

Plaintiff Efstathios Maroulis filed the proposed class action lawsuit against Christie’s Inc. on June 3 in a New York federal court, alleging negligence and breach of consumer laws. 

The lawsuit comes less than a week after a May 30 cyberattack of the Christie’s IT network that impacted about half a million customers’ personally identifiable information, the lawsuit states. 

Data compromised in the breach included Christie’s customers’ full names, genders, passport numbers, expiration dates, dates of birth, birth places, countries and document numbers.

“The [information] compromised in the Data Breach was exfiltrated by cyber-criminals and

remains in the hands of those cyber-criminals who target [personally identifiable information] for its value to identity thieves,” Maroulis says. 

Customers of luxury goods targeted

Maroulis says current and former customers of Christie’s were made vulnerable to identity theft and fraud through last week’s cyber attack. 

Christie’s is a “world-leading art and luxury business” that sells items in 46 countries, he says. The company was targeted for a cyber-attack due to its status as an auction company that collects and maintains highly valuable personal information on its systems, including customer passports, Maroulis adds.

While Christie’s customers entrusted the company with their personal information, it failed to properly secure and safeguard it, the lawsuit alleges. 

“The Data Breach was a direct result of Defendant’s failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect consumers’ [information] from a foreseeable and preventable cyber-attack,” it says. 

Customers suffer harm through breach, lawsuit says

Maroulis says he spent hours trying to safeguard his personal information after he found out about the attack through an email from Christie’s. He says the auction house didn’t give him enough information about how the breach happened for him to properly secure his data, and that it was only later that the ransomware group known as RansomHub took credit for the breach.

“Armed with the [information] accessed in the Data Breach, data thieves have already engaged in identity theft and fraud and can in the future commit a variety of crimes,” the lawsuit says. 

Maroulis says he has also suffered in the form of lost time and experiencing an increase in spam calls, texts and emails. 

He is looking to represent anyone living in the United States whose personally identifiable information was accessed by an unauthorized party as a result of the May 30 data breach.

Maroulis is suing for negligence, breach of implied contract, unjust enrichment and violations of New York consumer laws. The plaintiff is seeking certification of the class action, damages of at least $50 each, fees, costs and a jury trial, plus an injunction forcing Christie’s to better safeguard its information. 

Meanwhile, consumers have recently filed a slew of similar class action lawsuits against AT&T, Change Healthcare, GardaWorld, SouthState Bank, WellNow Urgent Care, The Aspen Group, Golden Corral and American Vision Partners alleging negligent data security in light of various cyberattacks. 

The rash of lawsuits includes at least nine class action lawsuits against AT&T following a report that more than 70 million of the wireless carriers current and former customers had their personally identifiable information (PII) leaked online. 

The plaintiff is represented by Vicki J. Maniatis and David K. Lietz of Milberg Coleman Bryson Phillips Grossman PLLC 

The Christie’s Data Breach Class Action Lawsuit is Efstathios Maroulis v. Christie’s Inc., Case No. 1:24-cv-04221 in the U.S. District Court for the Southern District of New York. 

Read About More Class Action Lawsuits & Class Action Settlements:

• Cencora class action claims data breach exposed sensitive patient info
• Ticketmaster data breach reportedly affects millions of users
• EPA warns majority of drinking water systems vulnerable to cyberattack
• Dell class action claims data breach affected 49M customers