
Sotheby’s has disclosed a data breach stemming from unauthorized access to its internal environment, leading to the exposure of sensitive personal information.
The attack was discovered in late July, with affected individuals receiving notification nearly three months later. On July 24, 2025, Sotheby’s observed that certain internal data had been exfiltrated by an unknown actor. The company launched an investigation immediately, enlisting third-party forensic experts to assist in analyzing the stolen data. This investigation included downloading, cataloging, and reviewing the compromised files to assess the nature and scope of the incident. According to the breach notification, this review concluded around September 24, 2025.
The number of individuals impacted hasn’t been disclosed at the time of writing. The compromised data includes full names, Social Security numbers, and financial account information, putting victims at increased risk of identity theft and fraud.
Founded in 1744, Sotheby’s is one of the world’s largest and most well-known brokers of fine and decorative art, jewelry, and collectibles. With a global client base and extensive digital presence, the auction house handles large volumes of high-value transactions and sensitive client data, making it an attractive target for cybercriminals.
Following the breach, Sotheby’s coordinated with federal law enforcement and regulatory agencies and began notifying affected individuals just yesterday. The company also took steps to secure its systems and reaffirmed its use of layered cybersecurity defenses, including strict access controls, secure network configurations, advanced threat protections, and employee training protocols. However, details about how the attacker gained access or what vulnerabilities may have been exploited remain undisclosed.
At the time of writing, no ransomware group has listed Sotheby’s on its dark web extortion site.
To mitigate the potential fallout, Sotheby’s is offering 12 months of complimentary identity monitoring and credit protection through TransUnion. The firm is also advising individuals on how to place fraud alerts and credit freezes, and encouraging vigilance in reviewing account statements and credit reports for suspicious activity.