Global auction house Sotheby’s has disclosed that it recently suffered a data breach in which cybercriminals accessed and extracted files containing sensitive information. The company confirmed that the security incident, detected on July 24, 2025, led to unauthorized access to certain internal data systems.

According to a notification filed with the Maine Attorney General’s Office, the compromised records included details such as full names, Social Security Numbers (SSNs), and financial account information. While the filing listed only a few individuals from the states of Maine and Rhode Island, the overall number of people affected by the breach has not been publicly confirmed.

Sotheby’s stated that once the intrusion was identified, its cybersecurity team immediately launched a detailed investigation, working alongside external security experts and law enforcement authorities. The process reportedly took nearly two months as the company conducted a comprehensive audit to determine what type of information was taken and whose data was affected.

In its notice to those impacted, the company wrote that certain Sotheby’s data “appeared to have been removed from our environment by an unknown actor.” It added that an “extensive review of the data” was carried out to identify the affected records and confirm the individuals connected to them.

As a precautionary measure, Sotheby’s is offering affected individuals 12 months of free identity protection and credit monitoring services through TransUnion, encouraging them to register within 90 days of receiving the notification letter.

Initially, it was unclear whether the compromised data involved employees or clients. However, in an update on October 17, 2025, Sotheby’s clarified in a statement to BleepingComputer that the breach involved employee information, not customer data. The company emphasized that it took the incident seriously and immediately involved external cybersecurity experts to support the response and remediation process.

“Sotheby’s discovered a cybersecurity incident that may have involved certain employee information,” a company spokesperson said in an official statement. “Upon discovery, we promptly began an investigation with leading data protection specialists and law enforcement. The company is notifying all impacted individuals as required and remains committed to protecting the integrity of its systems and data.”

Sotheby’s is among the world’s most recognized auction houses, dealing in high-value art and luxury assets. In 2024, the firm recorded total annual sales of nearly $6 billion, highlighting the scale and sensitivity of the data it manages, including financial and transactional records.

Although no ransomware groups have claimed responsibility for this breach so far, similar attacks have previously targeted high-end auction platforms. In 2024, the RansomHub gang allegedly breached Christie’s, stealing personal data belonging to an estimated 500,000 clients. Such incidents indicate that cybercriminals increasingly view global art institutions as lucrative targets due to the financial and personal data they store.

This is not the first time Sotheby’s has dealt with cybersecurity issues. Between March 2017 and October 2018, the company’s website was compromised by a malicious web skimmer designed to collect customer payment information. A comparable supply-chain attack in 2021 also led to unauthorized access to sensitive data.

The latest breach reinforces the growing risks faced by major cultural and financial institutions that handle valuable client and employee data. As investigations continue, Sotheby’s has urged affected individuals to remain vigilant, review their financial statements regularly, and immediately report any suspicious activity to their bank or credit institution.