Christie’s in crisis! Iconic auction house slapped with class action suit after a devastating cyberattack


Iconic auction house Christie’s is in hot water, as adding insult to injury is a class action lawsuit that has emerged just weeks after its website was hacked. A Dallas-based customer filed a class action complaint in the Southern District of New York on June 3rd over Christie’s failure to protect “personally identifiable information” (PII). The auction house, founded in 1766 counts high net worth individuals from across the world as its clients.

Christie’s salesroom in Dubai

The devastating cyberattack that unfolded in May 2024 not only compromised the plaintiffs’ “full names, genders, passport numbers, expiration dates, dates of birth, birth places, MRZs, countries, and document numbers,” per the lawsuit and also put at risk the personal information of roughly 500,000 class action members. This breach, orchestrated by the notorious RansomHub, a ransomware gang, was a direct threat to the privacy and security of Christie’s esteemed clientele. The hacker group even went as far as auctioning and selling the stolen data, a chilling testament to the severity of the attack. Christie’s global sales reached approximately $6.2 billion in 2023, and now its clients are at risk of multiple forms of identity theft.

Also read -  An Omani millionaire collector has sued Christie's over Marlon Brando's $5 million Rolex and halted a $42 million auction

From paintings that cost hundreds of millions of dollars to jewelry to fine wine, the auction house sells it all, and many of its clients prefer to remain anonymous.

The complaint highlighted Christie’s poor handling of the situation as well. On May 30th, an email from Christie’s to its impacted customers barely revealed any information about the specific perpetrators of the cyberattack. It conveniently omitted essential details like the date on which the cyberattack happened, the means by which it was executed, and the steps being taken to prevent similar incidents in the future. It is not surprising, then, that the clients showed a lack of faith in the esteemed auction house, and chose to go down the legal path.

Also read -  Pair of rare yellow diamonds to be auctioned by Christie's in New York

A Christie’s spokesperson said in defense, “Since the cybersecurity incident occurred, we have been actively monitoring online activity for any mention of Christie’s or our data. As a result, we are aware that a cyber group has made a statement, as yet unverified, claiming that data taken from a limited part of our systems has been sold. We continue to have no evidence that financial or transactional records or copies of documents, signatures, or photographs were taken. We have already notified those clients whose personal identity information was taken. We continue to comply with GDPR [General Data Protection Regulation] and other relevant national and state regulations.”

Tags from the story
Written By
With over 15 years of experience in luxury journalism, Neha Tandon Sharma is a notable senior writer at Luxurylaunches. Her expertise spans luxury yachts, high-end fashion, and celebrity culture. Beyond writing, her passion for fantasy series is evident. Beginning with articles on women-centric gadgets, she's now a leading voice in luxury, with a fondness for opulent superyachts. To date, her portfolio boasts more than 2 million words, often penned alongside a cappuccino.