Auction house Sotheby’s disclosed a July data breach

Pierluigi Paganini October 17, 2025

Sotheby’s reported a July 24 breach exposing customer and financial data; it took two months to determine what information was stolen and which individuals were affected.

Sotheby’s reported a data breach that exposed customer information, including financial details. The company discovered the security breach on July 24, and investigators spent two months determining what data was stolen and who was affected.

Sotheby’s is a major international auction house that sells fine art, jewelry, collectibles, and luxury goods. Founded in 1744 in London, it’s one of the world’s oldest and most prestigious auction firms, with headquarters now in New York and sales held globally.

On July 24, 2025, the auction house discovered that an unknown actor had stolen data from its systems. The company launched an investigation with third-party experts to identify what information was taken and who was affected. After completing the review on September 24, Sotheby’s began notifying impacted individuals and offering free identity monitoring services.

“On July 24, 2025, Sotheby’s became aware that certain Sotheby’s data appeared to have been removed from its environment by an unknown actor. Sotheby’s immediately began an investigation to determine what data was involved, which included downloading and cataloging the data with instruction by third-party specialists for further review and analysis. After that process was completed, Sotheby’s began a comprehensive review of the data to determine what personal information was potentially contained within the data and to whom it relates,” reads the data breach notification shared with the Maine Attorney General. “The review was completed on or around September 24, 2025, which allowed Sotheby’s to arrange services to provide individuals with notice and an offer of complimentary identity monitoring.”

The exposed personal information varies by individual, but includes name, Social Security number, and financial account information.

The company hasn’t disclosed the number of impacted individuals.

Sotheby’s offered affected customers 12 months of free identity protection and credit monitoring through TransUnion.

At this time, no cybercrime groups have claimed responsibility for the attack.

In May 2024, another auction house, Christie’s, suffered a cyberattack. The company disclosed a data breach after the ransomware group RansomHub threatened to leak stolen data.

The extortion group said it had stolen 2GB of sensitive information, including personal information belonging to at least 500,000 Christie’s clients.
