Sotheby’s, the famed auction house, has disclosed a data breach that involved hackers stealing highly sensitive personal information from its systems.
The New York City-based luxury auctioneer is informing impacted individuals that it discovered an intrusion on July 24. An investigation revealed that the attacker had taken files containing information such as name, SSN, and financial account data.
The notice sent to the affected people, a copy of which was submitted to the Maine Attorney General’s Office (AGO), shows that Sotheby’s is offering them 12 months of free credit monitoring services.
The total number of affected people, which is required by the Maine AGO, has not been disclosed. The AG has been informed that two Maine residents are impacted.
Sotheby’s told authorities in Massachusetts that 10 residents are impacted. This indicates that the total number of individuals whose information was stolen is likely small.
It’s unclear whether the victims are employees or customers.
It’s also unclear whether Sotheby’s was the target of a ransomware attack. No known ransomware group appears to have taken credit for the intrusion.
SecurityWeek has reached out to Sotheby’s for comment and will update this article if the company responds.
UPDATE: Sotheby’s has provided the following statement to SecurityWeek:
Sotheby’s discovered a cybersecurity incident that may have involved certain employee information. Upon discovery of the incident, we immediately launched an investigation in cooperation with leading data protection and response experts and law enforcement. The company is notifying all impacted individuals appropriately in line with our requirements. We take the security of company and individual information very seriously and continue to work diligently to protect our systems and data.
Related: Prosper Data Breach Impacts 17.6 Million Accounts
Related: F5 Hack: Attack Linked to China, BIG-IP Flaws Patched, Governments Issue Alerts
Related: Customer Service Firm 5CA Denies Responsibility for Discord Data Breach
