Sotheby’s Data Breach Exposes Client Financial Data
▼ Summary
– Sotheby’s detected a cybersecurity incident on July 24, 2025, involving unauthorized removal of data from its systems.
– The breach exposed sensitive employee information including full names, Social Security numbers, and financial account details.
– The investigation took two months to determine the scope of impacted individuals, with the total number remaining undisclosed.
– This is not Sotheby’s first security incident, having experienced previous breaches in 2017-2018 and 2021 involving customer data theft.
– Impacted employees are being offered 12 months of free identity protection and credit monitoring services through TransUnion.
The prestigious international auction house Sotheby’s has confirmed a significant data breach involving the theft of confidential information, including sensitive financial details. The security incident was first identified on July 24, with a comprehensive investigation spanning two months to fully assess the scope of the data taken and identify the affected parties. As a globally recognized firm dealing in fine art, luxury collectibles, and asset-based financial services, Sotheby’s manages transactions worth billions annually, reporting total sales of $6 billion in the previous year.
Documents submitted by the company to the Maine Attorney General’s office reveal that the compromised data includes full names, Social Security numbers, and financial account information. In a notification letter sent to those impacted, Sotheby’s stated, “On July 24, 2025, Sotheby’s became aware that certain Sotheby’s data appeared to have been removed from our environment by an unknown actor.” The letter continued, “We immediately began an investigation which included an extensive review of the data to determine and validate what information was involved and to whom such information relates.”
While the complete number of individuals affected has not been publicly released, the Maine filing references two residents of Maine and two from Rhode Island. Media inquiries to Sotheby’s regarding the total scale of the breach, both within the United States and internationally, have so far gone unanswered. As of now, no ransomware groups have publicly claimed responsibility for the attack on Sotheby’s systems.
This is not the first time auction houses have been targeted by cybercriminals seeking substantial ransoms. Just last year, the RansomHub hacking group infiltrated Christie’s, reportedly making off with personal details belonging to approximately 500,000 clients. Sotheby’s itself has faced prior security issues, including a past incident where malicious code was embedded in its website to harvest payment data. Between March 2017 and October 2018, a digital skimming operation successfully stole customer credit card information and personal details. The company experienced another similar event in 2021 stemming from a supply-chain attack.
Individuals who have been notified of their involvement in this latest breach are being offered a complimentary 12-month identity protection and credit monitoring service provided by TransUnion. Affected persons have a 90-day window to enroll in these protective services.
Update 10/17 – Sotheby’s has since clarified in an official statement that this cybersecurity incident impacted employee data, not customer information. The article and its title have been revised to reflect this correction. A spokesperson for Sotheby’s provided the following comment: “Sotheby’s discovered a cybersecurity incident that may have involved certain employee information. Upon discovery of the incident, we immediately launched an investigation in cooperation with leading data protection and response experts and law enforcement. The company is notifying all impacted individuals appropriately in line with our requirements. We take the security of company and individual information very seriously and continue to work diligently to protect our systems and data.”
(Source: Bleeping Computer)
