Sotheby’s Data Breach Exposes Client Financial Data
▼ Summary
– Sotheby’s detected a data breach on July 24, 2025, where threat actors stole sensitive information from its systems.
– The investigation revealed that stolen data included full names, Social Security numbers, and financial account information.
– The breach impacted employees, not customers, and Sotheby’s is providing affected individuals with 12 months of identity protection services.
– Sotheby’s is a global auction house with $6 billion in annual sales and has experienced previous security incidents, including web skimming attacks.
– No ransomware group has claimed responsibility for this attack, though auction houses like Christie’s have been targeted by hackers in the past.
Sotheby’s, the world-renowned auction house for fine art and luxury assets, has confirmed a significant data breach compromising sensitive personal and financial details. The security incident, which came to light on July 24, involved unauthorized access leading to the extraction of confidential data from the company’s systems. An internal investigation spanning two months was required to fully assess the scope of the stolen information and identify the affected parties.
The compromised data includes full names, Social Security numbers, and financial account information, according to a notification the company submitted to the Maine Attorney General’s office. In a letter sent to those impacted, Sotheby’s stated, “On July 24, 2025, Sotheby’s became aware that certain Sotheby’s data appeared to have been removed from our environment by an unknown actor.” The notification further explained that the company promptly initiated a comprehensive review to determine exactly what information was involved and which individuals were connected to that data.
While the total number of people affected has not been publicly disclosed, regulatory filings indicate at least two individuals in Maine and two in Rhode Island received notifications. Sotheby’s, which manages billions in auction sales annually, reaching $6 billion in the previous year, has not responded to media inquiries regarding the full scale of the breach, either domestically or internationally.
So far, no ransomware groups have claimed responsibility for the attack. However, auction houses have previously been targeted by cybercriminals seeking large ransoms. Just last year, the RansomHub group breached Christie’s, reportedly accessing details for approximately half a million clients.
This is not the first cybersecurity issue for Sotheby’s. Between March 2017 and October 2018, malicious code was planted on the company’s website to harvest payment card data and personal information from customers. A similar supply-chain attack occurred again in 2021, underscoring persistent vulnerabilities.
Individuals who have been notified of the latest breach are being offered a 12-month identity protection and credit monitoring service through TransUnion at no cost. They have a 90-day window to enroll in the program.
In a later update provided on October 17, Sotheby’s clarified through an official statement that the incident specifically impacted employee information, not customer data. A company spokesperson said, “Sotheby’s discovered a cybersecurity incident that may have involved certain employee information. Upon discovery of the incident, we immediately launched an investigation in cooperation with leading data protection and response experts and law enforcement. The company is notifying all impacted individuals appropriately in line with our requirements. We take the security of company and individual information very seriously and continue to work diligently to protect our systems and data.”
(Source: Bleeping Computer)
