Auction house Sotheby’s finds its data on the block after cyberattack

Steven

Auction house Sotheby’s finds its data on the block after cyberattack

Author note

Punchy: A high-profile auction house has had sensitive data stolen — this isn’t just an IT headache, it’s a reputational and client-trust issue. Read the short summary below to get the essentials fast.

Summary

Sotheby’s says it was breached on 24 July and that intruders stole an unspecified quantity of data, including Social Security numbers and financial account information. The company has told Maine’s Attorney General’s Office that two Maine residents were affected; it has not provided a full tally of victims nor identified the attacker.

Sotheby’s emphasises it maintains layered defences, regular patching and incident response testing, and is offering those affected 12 months’ credit and identity monitoring via TransUnion. The auction house has so far only filed a report with Maine’s AG. This follows a similar incident at Christie’s in 2024 where stolen data was claimed to be auctioned by attackers.

Key Points

  • Breach date: 24 July 2025; attackers stole data including Social Security numbers and financial account information.
  • Sotheby’s reported the incident to Maine’s Attorney General; two Maine residents were named as affected so far.
  • The company says it uses layered defences, regular patching and incident-response testing but the intruders succeeded nonetheless.
  • Sotheby’s is offering 12 months of credit and identity monitoring through TransUnion to affected individuals.
  • No public confirmation yet on the identity of the attackers, the total number of victims, or whether an extortion demand was made.
  • The incident follows Christie’s 2024 data raid and raises fresh questions about how high-value service providers protect client data.
  • Security experts note that auctioning stolen data is uncommon and often a last-ditch tactic by criminals seeking payment.

Why should I read this?

Quick and blunt: if you work in security, privacy, wealth management or serve high-net-worth clients, this is one to note. It shows attackers still get into well-defended firms, regulators are being alerted piecemeal, and affected clients will need to check their financial and identity protections now. We’ve read the detail so you don’t have to — worth five minutes of your time.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2025/10/16/sothebys_breach/