Major international auction house Sotheby’s is notifying individuals of a data breach incident on its systems where threat actors stole sensitive information, including financial details.
The hack was detected on July 24 and the investigtion took two months to determine they type of data stolen and the individuals impacted as a result.
Sotheby’s is a leading global auction house for fine art and high-value items, as well as an asset-backed lending services provider.
The company handles billions of dollars worth of auction sales annually, with its total sales reaching $6 billion last year.
According to a filing the organization submitted to Maine’s AG office, the data exposed in the incident includes full names, Social Security numbers (SSNs), and financial account information.
“On July 24, 2025, Sotheby’s became aware that certain Sotheby’s data appeared to have been removed from our environment by an unknown actor,” reads the letter sent to impacted individuals.
“We immediately began an investigation which included an extensive review of the data to determine and validate what information was involved and to whom such information relates” - Sotheby's notification
The total number of impacted individuals remains undisclosed as the filing mentions two persons in the state of Maine and two in Rhode Island.
BleepingComputer has contacted Sotheby’s with an information request about the attack, its scope of impact, and the number of exposed individuals in the U.S. and worldwide, but we have not received a response by publication time.
At the time of writing, no ransomware groups have assumed responsibility for the attack at Sotheby’s.
... continue reading