Sotheby's auction house experienced a data breach that exposed sensitive personal information of some clients. On July 24, 2025, the company discovered that certain sensitive data had been removed from its internal network by an unknown actor.
A threat actor known as "m217" claimed responsibility on a public forum, posting about the breach and the exfiltrated data. The cyberattack compromised personally identifiable information (PII).
A review completed on Sept. 24, 2025, determined that the exposed information included names, Social Security numbers and financial account information. Sotheby's began notifying impacted individuals by mail on Oct. 15, 2025.
The data breach was disclosed to the Maine Attorney General's office and the Massachusetts Attorney General's office on Oct. 15, 2025. The total number of affected individuals has not been released but may include several thousand clients.
In response to the breach, Sotheby's took immediate steps to secure its systems and notified federal law enforcement. In addition to required state disclosures, the company is offering affected individuals 12 months of free TransUnion Cyberscout credit monitoring services.
If you receive notice from Sotheby's about this breach, you may want to:
For more information about the auction house, visit the Sotheby's website.