Sotheby’s confirms data breach after hackers accessed sensitive client information

Sotheby’s, one of the world’s largest art and jewelry brokers, has confirmed a data breach following unauthorized access to its internal systems that exposed sensitive personal information belonging to some of its clients.

The company said it detected the incident in late July and launched an internal investigation with assistance from third-party cybersecurity specialists. According to a breach notice filed with regulators, an unknown actor exfiltrated “certain data” from Sotheby’s systems on or around July 24, 2025. The investigation, which involved cataloging and reviewing compromised files, concluded on September 24.

Sotheby’s said the exposed data included clients’ full names, Social Security numbers, and financial account information. While the company has not disclosed the total number of affected individuals, a notice to Maine residents indicates that at least two people in that state were impacted. The actual scope of the breach is believed to be wider, but Sotheby’s has not provided a nationwide count.

In its notification, the New York-based auction house said it had notified federal law enforcement and relevant regulatory authorities, and it is directly contacting those affected. “We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity,” the company said in its statement.

To support impacted individuals, Sotheby’s is offering 12 months of complimentary credit monitoring and identity protection services through TransUnion. The company is also advising customers to consider placing fraud alerts or credit freezes to help safeguard their financial accounts.

Founded in 1744, Sotheby’s is a global leader in fine art, jewelry, and collectibles, handling billions of dollars in transactions each year. Owned by billionaire Patrick Draghi, the company reported $813 million in revenue last year with total sales exceeding $6 billion. Its extensive client base and high-value transactions make it a frequent target for cybercriminals seeking financial or reputational leverage.

Following the breach, Sotheby’s said it strengthened security across its systems, reinforcing access controls, network defenses, and monitoring capabilities. The company did not disclose how the attackers gained entry or whether specific vulnerabilities were exploited. As of now, no ransomware group has claimed responsibility, and the stolen data has not surfaced on known dark web leak sites.