Sotheby's, a renowned auction house, suffered a data breach in July 2025 when an unknown actor (later identified as the threat group 'm217') exfiltrated sensitive client data from its internal network. The compromised information included personally identifiable details such as names, Social Security numbers, and financial account information, exposing several thousand clients to potential identity theft and financial fraud.The breach was discovered on July 24, 2025, with an internal review confirming the scope of the incident by September 24, 2025. Sotheby's began notifying affected individuals via mail on October 15, 2025, while also disclosing the breach to regulatory bodies like the Maine and Massachusetts Attorneys General. In response, the company secured its systems, engaged law enforcement, and offered 12 months of free credit monitoring (TransUnion Cyberscout) to impacted clients.The incident highlights significant risks to customer privacy, financial security, and reputational damage, as the exposed data could be exploited for fraudulent activities, phishing scams, or unauthorized transactions. The lack of transparency on the exact number of victims further amplifies concerns over the breach’s long-term consequences.
Source: https://www.claimdepot.com/data-breach/sothebys-2025
TPRM report: https://www.rankiteo.com/company/sothebys
"id": "sot2593125101625",
"linkid": "sothebys",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Several thousand (exact number '
'not disclosed)',
'industry': 'Art and Luxury Goods',
'name': "Sotheby's",
'type': 'Auction House'}],
'customer_advisories': ['Mail notifications sent to impacted individuals '
'starting Oct. 15, 2025',
'Recommendations provided for credit monitoring, '
'fraud alerts, and phishing awareness'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 'Several thousand (exact number '
'not disclosed)',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Financial Account '
'Information'],
'sensitivity_of_data': 'High (includes SSNs and financial '
'account information)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-07-24',
'date_publicly_disclosed': '2025-10-15',
'description': "Sotheby's auction house experienced a data breach that "
'exposed sensitive personal information of some clients. An '
'unknown actor removed certain sensitive data from its '
"internal network. A threat actor known as 'm217' claimed "
'responsibility on a public forum, posting about the breach '
'and the exfiltrated data, which included personally '
'identifiable information (PII). The exposed information '
'included names, Social Security numbers, and financial '
"account information. Sotheby's began notifying impacted "
'individuals by mail on Oct. 15, 2025, and disclosed the '
"breach to the Maine and Massachusetts Attorney General's "
'offices on the same date.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive client data',
'data_compromised': ['Personally Identifiable Information (PII)',
'Names',
'Social Security Numbers',
'Financial Account Information'],
'identity_theft_risk': 'High (due to exposure of SSNs and '
'financial account information)',
'legal_liabilities': 'Disclosure to Maine and Massachusetts '
"Attorney General's offices; potential "
'regulatory scrutiny',
'payment_information_risk': 'High (financial account information '
'exposed)'},
'initial_access_broker': {'high_value_targets': ['Client PII (names, SSNs, '
'financial account '
'information)']},
'investigation_status': 'Review completed as of Sept. 24, 2025; notifications '
'sent to affected individuals starting Oct. 15, 2025',
'ransomware': {'data_exfiltration': True},
'recommendations': ['Sign up for the free credit monitoring services offered '
"by Sotheby's.",
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing emails or phone calls exploiting '
'exposed information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': "Sotheby's Official Website (general reference)",
'url': 'https://www.sothebys.com'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
"General's office",
'Massachusetts '
"Attorney General's "
'office']},
'response': {'communication_strategy': ['Mail notifications to impacted '
'individuals (starting Oct. 15, 2025)',
'Public disclosure via state Attorney '
'General notifications'],
'containment_measures': 'Immediate steps taken to secure systems '
'(details not specified)',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Offering 12 months of free TransUnion '
'Cyberscout credit monitoring to affected '
'individuals'],
'third_party_assistance': ['TransUnion Cyberscout (credit '
'monitoring services)']},
'threat_actor': 'm217',
'title': "Sotheby's Data Breach Exposing Client PII",
'type': 'Data Breach'}