Major international auction house Sotheby’s is notifying individuals about a data breach incident on its systems, where threat actors stole sensitive information, including financial details.
The hack was discovered on July 24 and the investigation took two months to determine what type of data was stolen and which individuals were affected as a result.
Sotheby’s is a leading global auction house for fine art and high-value objects, as well as an asset-backed loan service provider.
The company handles billions of dollars of auction sales annually, with total sales reaching $6 billion last year.
According to a filing by the organization Submitted to Maine’s AG’s OfficeThe data exposed in the incident included full names, Social Security numbers (SSN), and financial account information.
“On July 24, 2025, Sotheby’s became aware that some of Sotheby’s data was removed from our environment by an unknown actor,” the letter sent to affected individuals reads.
“We immediately initiated an investigation that included a comprehensive review of the data to determine and verify what information was included and to whom such information pertains” – Sotheby’s notification
The total number of affected individuals is unknown as the filing mentions two individuals in the state of Maine and two in Rhode Island.
BleepingComputer has contacted Sotheby’s with a request for information about the attack, the scope of its impact, and the number of individuals exposed in the US and around the world, but we have not received a response by publishing time.
At the time of writing, no ransomware group has claimed responsibility for the attack on Sotheby’s.
Ransomware gangs have targeted other auction houses in the past in hopes of paying big payouts; last year, RansomHub hackers broke into Christie’s and reportedly stole details of half a million customers.
Sotheby’s has also had other security incidents in the past, most notably with malicious code planted on its website to collect payment information. Between March 2017 and October 2018, a web Skimmer steals customer card data and personal details. the company suffered losses Similar incident in 2021 In a supply-chain attack.
Sotheby’s customers who were notified of the data breach this time are offered 12 months of free identity protection and credit monitoring service through TransUnion, with 90 days to enroll.
Updated 10/17 – Sotheby’s confirmed via a statement to BleepingComputer that the incident affected staff, not customers. Therefore, the content and title of the article were updated accordingly. The full statement is below.
“Sotheby’s has discovered a cybersecurity incident that may have involved certain employee information. Upon learning of the incident, we immediately launched an investigation in collaboration with leading data security and response experts and law enforcement. The company is notifying all affected individuals as appropriate, consistent with our requirements. We take the security of company and personal information very seriously and continue to work diligently to protect our systems and data.” – Sotheby’s spokesperson
Passwords were cracked in 46% of environments, almost double from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at prevention, detection, and more findings on data intrusion trends.
