Major international auction house Sotheby’s is notifying customers of a data breach incident on its systems where threat actors stole sensitive information, including financial details.
The hack was detected on July 24 and the investigtion took two months to determine they type of data stolen and the individuals impacted as a result.
Sotheby’s is a leading global auction house for fine art and high-value items, as well as an asset-backed lending services provider.
The company handles billions of dollars worth of auction sales annually, with its total sales reaching $6 billion last year.
According to a filing the organization submitted to Maine’s AG office, the data exposed in the incident includes full names, Social Security numbers (SSNs), and financial account information.
“On July 24, 2025, Sotheby’s became aware that certain Sotheby’s data appeared to have been removed from our environment by an unknown actor,” reads the letter sent to impacted individuals.
“We immediately began an investigation which included an extensive review of the data to determine and validate what information was involved and to whom such information relates” – Sotheby’s notification
The total number of impacted individuals remains undisclosed as the filing mentions two persons in the state of Maine and two in Rhode Island.
BleepingComputer has contacted Sotheby’s with an information request about the attack, its scope of impact, and the number of exposed individuals in the U.S. and worldwide, but we have not received a response by publication time.
At the time of writing, no ransomware groups have assumed responsibility for the attack at Sotheby’s.
Ransomware gangs have targeted other auction houses in the past, hoping for a big payday, Last year, RansomHub hackers breached Christie’s, allegedly stealing the details of half a million clients.
Sotheby’s also had other security incidents in the past, particularly with malicious code planted on its website to collect payment information. Between March 2017 and October 2018, a web skimmer stole customer card data and personal details. The company suffered a similar incident in 2021 in a supply-chain attack.
Sotheby’s customers who received a data breach notification this time are provided a 12-month free-of-charge identity protection and credit monitoring service through TransUnion, given 90 days to enroll.
Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation.
Don’t miss the event that will shape the future of your security strategy
