Sotheby’s said it was the victim of a cyber intrusion on July 24 that resulted in the theft of an unspecified amount of data, including Social Security numbers and financial account information. In a filing with the Maine Attorney General’s Office this week, the company confirmed that two Maine residents were affected. The company said it was not aware of who was behind the attack.
Sotheby’s said in a letter to those affected that attackers were able to break in despite regular security work. The letter reads: “We have administrative and technical safeguards in place that protect information through layered defenses, strict access controls, secure connections, and advanced threat protections. We regularly patch systems, test our internal incident response plans, back up critical services, vet our vendors, and train our workforce to ensure security is built into how we work every day.”
The company said it will continue to review safeguards and consider further enhancements. It is offering affected individuals 12 months of credit and identity monitoring services through TransUnion, consistent with common US practice following data-theft incidents.
Sotheby’s is the second major auction house publicly linked to a cyberattack in recent years. Christie’s was raided by RansomHub in May 2024 but, according to reporting, avoided a public data leak after the group said it found a buyer via a private auction.
Don Smith, director of threat intelligence at Secureworks, said last year that “auctioning rather than leaking data is not new, but relatively rare,” and that auctions are often a last-ditch attempt by criminals to obtain payment. It is also noted that there may be cases where the amount or quality of stolen data makes a public sale unlikely.