Sotheby Data Breach Lawsuit

Sotheby’s recently experienced a data breach that compromised the personal information of several individuals, including two residents of Maine. The breach, caused by an external hacking incident, exposed sensitive personal information, including names, Social Security numbers, and financial account details. If you have been affected, you may have legal options for seeking compensation.

Sotheby’s Data Breach Investigation

On July 24, 2025, Sotheby’s detected unusual activity that indicated an external actor had removed certain data from its environment. Upon identifying the breach, the company immediately launched an investigation to understand the extent of the breach and what information had been involved.

Working with third-party specialists, Sotheby’s began downloading and cataloging the data for further review. This process continued until around September 24, 2025, when they were able to complete a comprehensive analysis of the data to determine which personal information had been compromised and to whom it related.

The breach affected at least two individuals, both of whom reside in Maine. Sotheby’s responded by notifying these individuals about the breach and offering them free identity monitoring services. Additionally, they worked with federal law enforcement to investigate the matter and ensure that the situation was properly addressed.

To mitigate future risks, Sotheby’s reviewed their internal systems and security protocols. The company has implemented advanced threat protection, enhanced access controls, and ongoing patching to prevent further breaches. They also continually review their internal security measures to ensure their systems remain secure.

When Did This Breach Occur?

The breach occurred on July 24, 2025, and was discovered on September 24, 2025.

What Information Was Breached?

The data breach involved the following personal information:

• Names
• Social Security Numbers
• Financial Account Information

This breach affected two Maine residents. While the scope of the breach was relatively small, any exposure of this sensitive information is a serious issue.

What You Can Do

If you were affected by this breach, here’s what you can do to protect yourself:

• Enroll in Credit Monitoring: Sotheby’s is offering 12 months of complimentary credit monitoring services through TransUnion to help monitor your credit and identify any suspicious activity.
• Place a Fraud Alert or Security Freeze: You can place a fraud alert or security freeze on your credit file to help prevent unauthorized access.
• Review Your Financial Statements: Carefully monitor your bank and credit card statements for any signs of fraudulent activity.
• Report Suspicious Activity: If you notice any unusual transactions or believe you are a victim of identity theft, contact your bank, credit card company, and the relevant authorities.

Sotheby’s also provides guidance on how to remain vigilant and steps for reporting fraud to the Federal Trade Commission, your state Attorney General, and law enforcement agencies.

File a Data Breach Lawsuit Against Sotheby