Search
Close this search box.

US class action against Christie’s: what does it mean for UK clients?

Following the Christie’s data breach in May 2024, a class action lawsuit has now been filed in the United States. The suit alleges negligence, breach of implied contract, unjust enrichment, and violation of the New York Deceptive Trade Practices Act. The legal move could have significant implications for clients of the auction house across the world, including in the UK.  

What are the allegations against Christie’s?  

The 56-page complaint was filed in the Southern District of New York. The class action alleges that:  

  • Christie’s failed to properly secure and safeguard its customers’ sensitive information. 
  • Because of the breach, Christie’s clients have been exposed to potential identity theft, fraud, and loss of privacy​. 
  • Those affected have spent time and missed opportunities while trying to protect themselves from the possible consequences of the data breach. 

What data was stolen in the Christie’s data hack?  

According to the lawsuit, the compromised personal information included “full names, genders, passport numbers, expiration dates, dates of birth, birthplaces, MRZs*, countries, and document numbers.” 

MRZ stands for Machine Readable Zone. The MRZ is a section of a passport, visa, or other identity document that typically includes the document holder’s personal data, such as their name, nationality, document number, date of birth, and gender, in a form that can be easily scanned and read by machines, such as border control systems. If this data is compromised, it can be particularly dangerous as it provides structured information that can be easily used for identity theft or forgery. 

How the US Christie’s lawsuit affects clients in the UK  

The Christie’s data breach has left hundreds of thousands of clients vulnerable. While Christie’s has offered affected clients a 12-month subscription to identity protection services, the lawsuit argues this remedy is insufficient given the long-term risks posed by such a significant breach. 

The US lawsuit signals the beginning of potential legal repercussions on both sides of the Atlantic. UK clients are now wondering whether they too can pursue legal action. The answer is yes, as several UK law firms are already launching similar cases in England and Wales, and seeking to prove that Christie’s failed to comply with its GDPR obligations. 

At Join the Claim, we unite law firms and individuals to ensure powerful group action claims. We are not a law firm, but we help ensure people get straightforward access to compensation.  

Find out if you could join a no-win, no-fee Christie’s data breach claim with our handy eligibility checker. It will only take a few minutes and there’s no obligation to proceed. If you have a claim, register your interest and we’ll connect you with a UK law firm running a Christie’s data breach group action. 

Stay informed about compensation
YOU could be entitled to!

Subscribe to our newsletter and get breaking news on the latest consumer injustices and group claims.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like:

In January 2024, the High Court ruled that drivers could sue BMW for fitting some diesel vehicles with devices that tricked emissions tests. The illegal devices made it seem like BMW’s diesel cars were less-polluting than they actually were.
The Equal Pay Act protects employees from unfair discrimination in the workplace. The law states that both men and women should be paid equally where they are doing the same job (or one of equal value). This means companies can't treat you differently based on your gender when it comes to pay.
After a cyberattack in March 2023, pension holders across the UK had their data stolen. In the wake of this breach, law firms are rallying to help those affected. Their mission: to pursue justice and secure compensation for victims of the Capita data breach.