On October 10, 2018, Sotheby’s Home (previously known as Viyet) suffered a data breach after an unauthorized third party infiltrated its website. The incident exposed sensitive customer information, including names, addresses, email addresses, and payment card details specifically for those who used the checkout form. Investigations revealed that the breach had been ongoing since at least March 2017, indicating a prolonged period of vulnerability. The California Attorney General publicly disclosed the breach on November 29, 2018. The compromised data posed significant risks, such as identity theft, financial fraud, and unauthorized transactions, given the nature of the exposed payment information. The breach underscored critical gaps in the company’s cybersecurity measures, particularly in safeguarding customer data over an extended period. While no immediate reports confirmed misuse of the stolen data, the exposure of financial details heightened concerns over potential fraudulent activities targeting affected customers.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-142209
TPRM report: https://www.rankiteo.com/company/sothebyshomes
"id": "sot234090725",
"linkid": "sothebyshomes",
"type": "Breach",
"date": "3/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Luxury Home Furnishings',
'location': 'California, USA',
'name': 'Sotheby’s Home (formerly Viyet)',
'type': 'E-commerce'}],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access to customer '
'data)',
'personally_identifiable_information': ['names',
'addresses',
'email addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['personal information',
'payment card details']},
'date_detected': '2018-10-10',
'date_publicly_disclosed': '2018-11-29',
'description': 'An unauthorized third party gained access to the Sotheby’s '
'Home (formerly Viyet) website, potentially exposing personal '
'information including names, addresses, email addresses, and '
'payment card details of customers who used the checkout form. '
'The breach was believed to have been ongoing since at least '
'March 2017.',
'impact': {'data_compromised': ['names',
'addresses',
'email addresses',
'payment card details'],
'identity_theft_risk': 'High (personal and payment data exposed)',
'payment_information_risk': 'High (payment card details exposed)',
'systems_affected': ['website checkout form']},
'initial_access_broker': {'high_value_targets': ['customer payment data'],
'reconnaissance_period': 'Potentially since March '
'2017 or earlier'},
'references': [{'date_accessed': '2018-11-29',
'source': 'California Attorney General Report'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California data breach '
'notification laws'],
'regulatory_notifications': ['Reported to '
'California Attorney '
'General']},
'response': {'communication_strategy': 'Public disclosure via California '
'Attorney General report'},
'threat_actor': 'Unauthorized third party',
'title': 'Sotheby’s Home (formerly Viyet) Data Breach',
'type': 'Data Breach'}