Sotheby's, a multinational auction house specializing in fine art and luxury items, confirmed a cyber breach on July 24, in which attackers stole sensitive data, including Social Security numbers and financial account information. The company reported the incident to Maine's Attorney General, disclosing that at least two Maine residents (potentially employees or high-net-worth clients) were affected. Sotheby's emphasized its robust security measures (regular patching, incident response testing, access controls, and threat protections), but the attackers still managed to infiltrate its systems. The breach's scope remains unclear, including whether the stolen data belonged to staff, clients, or both, and whether an extortion demand (e.g., ransomware) was issued. Sotheby's is offering 12 months of credit and identity monitoring via TransUnion to affected individuals. This incident follows a similar 2024 attack on rival Christie's, where the RansomHub group stole data but allegedly sold it in a private auction instead of leaking it. Experts suggest such auctions are rare and often a last-ditch effort for monetary gain when victims refuse to pay.
Source: https://www.theregister.com/2025/10/16/sothebys_breach/
TPRM report: https://www.rankiteo.com/company/sothebys
"id": "sot1732017101625",
"linkid": "sothebys",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'At least 2 (Maine residents); '
'total number unspecified',
'industry': 'Fine Art and Luxury Items',
'location': 'New York, USA (HQ); London, UK (founded)',
'name': "Sotheby's",
'size': 'Multinational',
'type': 'Auction House'}],
'customer_advisories': 'Letter sent to affected individuals (July 2024)',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes (Social Security '
'numbers)',
'sensitivity_of_data': 'High (PII and financial data)',
'type_of_data_compromised': ['Social Security numbers',
'financial account information']},
'date_detected': '2024-07-24',
'description': "Auction house Sotheby's disclosed a breach on July 24, where "
'attackers stole an unspecified amount of data, including '
'Social Security numbers and financial account information. '
'Two Maine residents were confirmed affected. The company is '
'offering 12 months of credit and identity monitoring services '
'via TransUnion. The breach follows a similar incident at '
"Christie's in May 2024, where ransomware group RansomHub "
'targeted the auction house but allegedly sold the data in a '
'private auction instead of leaking it.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'breach of high-net-worth client data',
'data_compromised': ['Social Security numbers',
'financial account information'],
'identity_theft_risk': 'High (due to exposure of SSNs and '
'financial data)',
'payment_information_risk': 'High (financial account information '
'compromised)'},
'initial_access_broker': {'high_value_targets': 'Potential '
'(high/ultra-high-net-worth '
'clients)'},
'investigation_status': 'Ongoing (company reviewing safeguards)',
'post_incident_analysis': {'corrective_actions': 'Reviewing and enhancing '
'existing safeguards '
'(layered defenses, access '
'controls, threat '
'protections)'},
'references': [{'source': 'The Register'}],
'regulatory_compliance': {'regulatory_notifications': 'Filing with Maine '
"Attorney General's "
'Office'},
'response': {'communication_strategy': 'Letter to affected individuals; '
"filing with Maine Attorney General's "
'Office',
'incident_response_plan_activated': 'Yes (company states plans '
'were tested regularly)',
'recovery_measures': 'Offering 12 months of credit/identity '
'monitoring to affected individuals',
'remediation_measures': 'Reviewing safeguards and considering '
'enhancements',
'third_party_assistance': 'TransUnion (for credit/identity '
'monitoring)'},
'title': "Sotheby's Data Breach",
'type': 'Data Breach'}