Sotheby’s, a leading global auction house specializing in fine art and high-value items, as well as an asset-backed lending services provider, has recently confirmed a significant data breach affecting its customers. The company, which handles billions of dollars in auction sales annually and recorded total sales of $6 billion last year, detected unauthorized activity on its systems on July 24, 2025. The incident led to the theft of sensitive personal and financial information from its environment.
According to a filing submitted to the Maine Attorney General’s office, the investigation revealed that the data exposed in the incident is highly sensitive. The stolen information includes customers’ full names, Social Security numbers (SSNs), and financial account information. In its notification to impacted individuals, Sotheby’s stated, “On July 24, 2025, Sotheby’s became aware that certain Sotheby’s data appeared to have been removed from our environment by an unknown actor.” The two-month internal review was extensive, aiming “to determine and validate what information was involved and to whom such information relates.”
The precise total number of individuals impacted globally remains undisclosed. The official filing only specified two affected persons in the state of Maine and two in Rhode Island, leaving the full scope of the breach unclear. While no ransomware group has yet publicly claimed responsibility for the attack on Sotheby’s, this kind of intrusion aligns with previous tactics used against high-profile auction houses. Last year, for instance, the RansomHub group allegedly breached Christie’s, stealing the details of half a million clients.
This is not the first time the prestigious auction house has faced security issues. Sotheby’s has been the target of earlier security incidents, including ones involving malicious code. Between March 2017 and October 2018, for example, a web skimmer was planted on its website to steal customer card data and personal details. The company suffered a similar incident more recently, in 2021, through a supply-chain attack, underscoring persistent security challenges for the organization.
In response to this latest breach, Sotheby’s is offering immediate support to its affected customers. Those who received a data breach notification are being provided with a 12-month, free-of-charge subscription to identity protection and credit monitoring services through TransUnion. Customers have been given a 90-day window to enroll in this complimentary service to help safeguard against potential identity theft following the exposure of their sensitive data.