Description

Sotheby’s, one of the world’s leading auction houses, has disclosed a data breach incident that compromised sensitive customer information, including financial details. The breach was detected on July 24, 2025, and an investigation spanning two months revealed that threat actors had accessed and stolen data such as full names, Social Security numbers (SSNs), and financial account information. According to a filing with Maine’s Attorney General’s office, the organization confirmed that the stolen data was removed from its environment by an unknown actor. Although the exact number of affected individuals remains unclear, reports indicate that at least two people from Maine and two from Rhode Island were impacted. The motive behind the breach remains uncertain, as no ransomware groups have yet claimed responsibility. Sotheby’s has previously been targeted in similar attacks, including a web-skimming campaign between 2017 and 2018 and a supply-chain compromise in 2021. Given the company’s high-profile clientele and multimillion-dollar transactions, it remains a lucrative target for cybercriminals seeking to exploit financial and personal data. The incident underscores the persistent threats faced by organizations managing high-value assets and sensitive financial information, especially in sectors dealing with luxury goods and art auctions. To mitigate the impact of the breach, Sotheby’s is offering affected customers 12 months of free identity protection and credit monitoring services through TransUnion. The company is also urged to strengthen its cybersecurity defenses by implementing continuous monitoring, stronger data encryption, and stricter access controls. Regular security audits, employee training, and improved incident response mechanisms are essential to prevent similar breaches in the future.