What information was exposed in the Sotheby's breach?

The exposed data includes highly sensitive personal and financial information: full names, Social Security numbers (SSNs), and financial account information. This combination of data poses significant identity theft and financial fraud risks for affected employees.

Who was affected by the Sotheby's data breach?

Sotheby's confirmed that the incident impacted employees, not customers or clients of the auction house. The total number of impacted individuals has not been publicly disclosed by the company.

How many people were affected by the Sotheby's breach?

The total number of affected individuals has not been publicly disclosed by Sotheby's. The company has only confirmed that the breach impacted employees rather than customers or clients.

Were Sotheby's customers affected by the data breach?

No, Sotheby's confirmed that the incident impacted employees only, not customers or clients of the auction house. The exposed data contained employee information including Social Security numbers and financial account details.

How long did the Sotheby's breach investigation take?

The investigation with leading data protection experts and law enforcement authorities took approximately two months to complete. Sotheby's discovered the breach on July 24, 2025, and the investigation was completed before the company began notifying affected individuals.

What is Sotheby's doing for affected employees?

Sotheby's is providing affected employees with 12 months of free identity protection and credit monitoring services. This is intended to help employees monitor for potential identity theft or fraudulent use of their exposed personal and financial information.

What type of cyberattack was the Sotheby's incident?

While the specific type of cyberattack has not been disclosed, it appears to be a data exfiltration incident where an unknown actor removed certain company data from Sotheby's environment. The incident does not appear to be typical ransomware, as no groups have claimed responsibility or demanded ransom, and no data has appeared on leak sites.

What should affected Sotheby's employees do?

Affected Sotheby's employees should take advantage of the 12 months of free identity protection and credit monitoring services being offered. Given the exposure of Social Security numbers and financial account information, employees should closely monitor their financial accounts, credit reports, and bank statements for suspicious activity. They should consider placing fraud alerts or credit freezes on their accounts, be alert for signs of identity theft, and report any suspicious activity immediately.

Why did it take two months for Sotheby's to notify employees?

The investigation with leading data protection experts and law enforcement authorities took approximately two months to complete before Sotheby's could begin notifying affected individuals. This timeframe is typical for breach investigations, as companies need to determine the scope of the breach, identify what data was compromised, and determine which individuals were affected before sending accurate notifications.

Incident

Auction house Sotheby's reports data breach exposing employee data and social security numbers

Q: What happened with the Sotheby's data breach?

International auction house Sotheby's experienced a data breach that resulted in the exposure of sensitive employee information, including financial details and Social Security numbers. The company became aware on July 24, 2025, that certain company data appeared to have been removed from their environment by an unknown actor.

Q: When was the Sotheby's data breach discovered?

Sotheby's became aware of the data breach on July 24, 2025. The investigation with leading data protection experts and law enforcement authorities took approximately two months to complete before the company could begin notifying affected individuals.

Q: Has any ransomware group claimed responsibility for the Sotheby's attack?

No, no ransomware groups have claimed responsibility for the attack as of the time of reporting. The incident does not appear to follow the typical ransomware model where threat actors encrypt systems and demand payment, as no criminal groups have publicly claimed the attack or posted stolen data on leak sites.

Q: How did the attackers breach Sotheby's systems?

The attack vector has not been disclosed by Sotheby's. The company only confirmed that certain company data appeared to have been removed from their environment by an unknown actor, but has not revealed how the unauthorized access occurred.

published: Oct. 17, 2025

Learn More

International auction house Sotheby's is reporting a data breach incident that resulted in the exposure of sensitive employee information, including financial details and Social Security numbers.

Sotheby's became aware on July 24, 2025, that certain company data appeared to have been removed from their environment by an unknown actor. The investigation with leading data protection experts and law enforcement authorities took approximately two months to complete before the company could begin notifying affected individuals.

Exposed data includes:

Full names
Social Security numbers (SSNs)
Financial account information

The attack vector and number of affected individuals is not disclosed. No ransomware groups have claimed responsibility for the attack as of the time of reporting.

The total number of impacted individuals has not been publicly disclosed. Sotheby's confirmed that the incident impacted employees, not customers or clients of the auction house.

Value of the Incident:

No monetary value, ransom demand, or payment information has been disclosed. The incident does not appear to follow the typical ransomware model where threat actors encrypt systems and demand payment, as no criminal groups have publicly claimed the attack or posted stolen data on leak sites.

Sotheby's is providing affected employees with 12 months of free identity protection and credit monitoring services.

Auction house Sotheby's reports data breach exposing employee data and social security numbers

Read More
The Fraunhofer Institute for Industrial Engineering reports ransomware …
Art Gallery of Ontario reports cyberattack, data breach
Car-sharing Zoomcar reports data breach exposing 8.4 M …
Barrett-Jackson auction company reports data breach
Collectibles.com data leak exposes information of nearly 900,000 …