Christie's Data Breach Class Action: 500,000 Customers' Data Exposed

Christie's Data Breach Lawsuit

Lawsuit Alleges Auction House Failed to Protect Sensitive Information

Nearly half a million Christie's customers have become victims of a significant data breach, exposing their personal information after hackers infiltrated the renowned auction house's database. 

A class action lawsuit filed by an affected customer accuses Christie's of failing to protect sensitive data, including full names, genders, passport numbers, and other identifying details, violating the trust and security of those who entrusted the company with their information.

Christie's Data Breach: Reckless Security Practices Exposed?

Texas resident Efstathios Maroulis filed the proposed class action lawsuit after getting a letter from the company in May alerting him to the breach. In it, he accused Christie’s of failing to properly secure and safeguard sensitive information of its customers, and allowing it to be “exfiltrated by cyber-criminals,” where it remains.

The company “intentionally, willfully, recklessly, or negligently” failed to take adequate measures to protect its data systems against intrusions and has subsequently failed to give the affected customers adequate notice, Maroulis argues. 

 “The data breach was a direct result of [Christie’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect consumers’ PII from a foreseeable and preventable cyber-attack,” the lawsuit alleges.

How Hackers Exploit Stolen Information

Maroulis alleges in the lawsuit that ransomware group RansomHub, which took credit for the data breach, has already either used or sold the personal information as “data thieves have already engaged in identity theft and fraud and can in the future commit a variety of crimes.” 

Those crimes include opening new financial accounts in customers' names, taking out loans, using government benefits, filing fraudulent tax returns, obtaining driver’s licenses, and giving false information to police during an arrest, he states.

“As a result of the Data Breach, Plaintiff and Class Members have been exposed to a heightened and imminent risk of fraud and identity theft,” he argues, saying they now have to be on the lookout for theft for the rest of their lives. 

Preventing Data Breaches: Lessons from Christie's and Beyond

As per the lawsuit, a ransomware attack is a type of cyberattack that is frequently used to target healthcare providers due to the sensitive patient data they maintain. Hackers often use software to encrypt data on a compromised network, rendering it unusable and demanding payment to restore control over the network.

The Center for Internet Security lists seven ways to avoid ransomware attacks:

  1. Maintain backups, but do so thoughtfully
  2. Develop plans and policies so you know what to do during an attack
  3. Review port settings
  4. Secure your configuration settings and harden endpoints
  5. Keep all systems up to date
  6. Train your team on how to spot malicious emails
  7. Implement an IDS to spot issues

Christie's Joins Growing List of Companies Facing Data Breach Lawsuits

InjuryClaims has reported on a range of data breaches in recent months that have resulted in customers suing companies for damages. 

This week, Krispy Kreme, the global doughnut company and coffeehouse chain, was hit with a lawsuit over its alleged collection of employee biometric data without proper consent. 

Meanwhile, Navy Federal Credit Union, the nation's largest credit union with over 13 million members, has come up against a consumer lawsuit for allegedly allowing artificial intelligence (AI) bots to monitor and record customer service calls without their consent.

In May, two pharmaceutical companies, Cencora Inc. and its subsidiary The Lash Group LLC, were slammed with a lawsuit after they suffered a cyberattack that exposed the private health information of more than half-a-million of its clients.

In the Christie’s data breach class action  lawsuit, Maroulis seeks to represent Christie's customers nationwide, alleging violations of New York business law, negligence, breach of implied contract, and unjust enrichment. He is demanding various remedies, including damages and the implementation of robust security measures to prevent future data breaches.

Case Details

  • Lawsuit: Maroulis v Christie’s Inc.
  • Case Number: 1:24-cv-04221-JMF
  • Court: U.S. District Court for the Southern District of New York

Plaintiffs' Attorneys

  • Vicki J. Maniatis, Esq. and David K. Lietz (Milberg Coleman Bryson Phillips Grossman, PLLC)
  • Bruce W. Steckler (Steckler Wayne & Love, PLLC)
Latest News

Loading...

Illustration of a mobile device getting an email notification
Our Mission at Injury Claims

Injury Claims keeps you informed about lawsuits large and small that could affect your daily life. We simplify the complexities of class actions lawsuits, open class action settlements, mass torts, and individual cases to ensure you understand how these legal matters could impact your rights and interests.

Legal Updates That Matter to You

If you think a recent legal case might affect you, action is required. Select a class action lawsuit or class action settlement, share your details, and connect with a qualified attorney who will explain your legal options and assist in pursuing any compensation due. Take the first step now to secure your rights.