Sotheby’s Discloses Cyber-Attack From July
Sotheby’s, the globally recognized auction house, has disclosed a cyber-attack that occurred on July 24, resulting in the theft of sensitive data, including Social Security numbers and financial account details. Though the identity of the attackers remains unknown, the breach has impacted individuals in Maine, as confirmed in a filing with the state’s Attorney General’s Office. The company has yet to confirm how many individuals were affected overall, or whether an extortion attempt was made.
In a notification to those affected, Sotheby’s emphasized its commitment to cybersecurity, stating that it employs layered defenses, access controls, regular patching, vendor vetting, and incident response drills. Despite these efforts, the attack was successful. As a mitigation step, the company is offering 12 months of credit and identity monitoring services via TransUnion.
This breach follows a similar incident involving Christie’s in May 2024, where the RansomHub group claimed to have sold stolen data in a private auction, avoiding a public leak. Experts remain skeptical about the success of such ransomware auctions, suggesting they are often a last-ditch attempt for financial gain, especially when victims refuse to pay ransoms.
Incidents like the Sotheby’s breach underscore the critical need for robust cyber infrastructure monitoring with a system like NIKSUN. Full packet capture, network flow data, logs, and endpoint telemetry provide a comprehensive view of network activity, enabling organizations to detect and investigate threats such as malware, ransomware, phishing, DDoS attacks, and brute-force attempts. These data sources offer deep visibility that helps security teams trace attack paths, understand tactics used by threat actors, and respond swiftly to minimize damage. By continuously monitoring these elements, organizations can move from reactive defenses to proactive threat hunting, ensuring a faster and more effective response to cyber threats and enhancing overall resilience. Read more about this story on our LinkedIn page
In a notification to those affected, Sotheby’s emphasized its commitment to cybersecurity, stating that it employs layered defenses, access controls, regular patching, vendor vetting, and incident response drills. Despite these efforts, the attack was successful. As a mitigation step, the company is offering 12 months of credit and identity monitoring services via TransUnion.
This breach follows a similar incident involving Christie’s in May 2024, where the RansomHub group claimed to have sold stolen data in a private auction, avoiding a public leak. Experts remain skeptical about the success of such ransomware auctions, suggesting they are often a last-ditch attempt for financial gain, especially when victims refuse to pay ransoms.
Incidents like the Sotheby’s breach underscore the critical need for robust cyber infrastructure monitoring with a system like NIKSUN. Full packet capture, network flow data, logs, and endpoint telemetry provide a comprehensive view of network activity, enabling organizations to detect and investigate threats such as malware, ransomware, phishing, DDoS attacks, and brute-force attempts. These data sources offer deep visibility that helps security teams trace attack paths, understand tactics used by threat actors, and respond swiftly to minimize damage. By continuously monitoring these elements, organizations can move from reactive defenses to proactive threat hunting, ensuring a faster and more effective response to cyber threats and enhancing overall resilience. Read more about this story on our LinkedIn page