Sotheby's data breach exposes employee financial information

1 unique sources, 2 articles

Summary

Sotheby's, a leading global auction house, detected a data breach on July 24, 2025, in which threat actors stole sensitive employee information, including financial details. Although the breach was discovered in July 2025, the investigation took two months to determine the extent of the stolen data and the individuals impacted. The exposed information includes full names, Social Security numbers (SSNs), and financial account information. The total number of impacted individuals remains undisclosed, but at least four individuals in Maine and Rhode Island were affected. Sotheby's has offered affected employees 12 months of free identity protection and credit monitoring through TransUnion.

Timeline

  1. 16.10.2025 22:24 · 2 articles

    Sotheby's data breach detected on July 24, 2025

    The breach impacted employees, not customers. Sotheby's is a leading global auction house for fine art and high-value items, as well as an asset-backed lending services provider. The company handles billions of dollars' worth of auction sales annually, with its total sales reaching $6 billion last year. Sotheby's has had previous security incidents, including a web skimmer that stole customer card data and personal details between March 2017 and October 2018, and a supply-chain attack in 2021.

Similar Happenings

SimonMed Imaging Data Breach Affects 1.2 Million Patients

SimonMed Imaging, a U.S. medical imaging provider, experienced a data breach in January 2025. The breach exposed sensitive information of over 1.2 million individuals. The unauthorized access occurred between January 21 and February 5, 2025. The company detected the breach on January 27 and took immediate steps to contain the situation. The Medusa ransomware group claimed responsibility for the attack and leaked some data as proof. The breach impacted patients across 11 U.S. states, where SimonMed operates approximately 170 medical centers. The company has not confirmed the exact nature of the stolen data but acknowledged the potential for highly sensitive information to have been compromised. SimonMed has offered affected individuals free identity theft protection services.

Motility Software Solutions Ransomware Attack Exposes 766,000 Client Records

Motility Software Solutions, a provider of dealer management software (DMS), experienced a ransomware attack on August 19, 2025. The incident exposed the sensitive data of 766,000 customers. The compromised data includes full names, addresses, email addresses, telephone numbers, dates of birth, Social Security numbers, and driver’s license numbers. The attack affected 7,000 dealerships across the United States. The company has implemented additional security measures, restored systems from backups, and established dark web monitoring. No ransomware group has claimed responsibility for the attack. Motility has offered a year of free identity monitoring services to affected individuals.

Insight Partners Ransomware Breach Affects 12,657 Individuals

Insight Partners, a New York-based venture capital and private equity firm, has notified 12,657 individuals that their personal information was compromised in a ransomware attack. The breach, which occurred in October 2024, involved a sophisticated social engineering attack that allowed threat actors to access and encrypt servers. The stolen data includes banking and tax information, personal details of current and former employees, and information related to limited partners, funds, and portfolio companies. The company has offered complimentary credit or identity monitoring services to those affected and has filed breach notifications with state attorneys general. The incident highlights the ongoing risk of social engineering attacks and the potential for significant data exfiltration in ransomware breaches.

FinWise insider breach exposes 689K American First Finance customers' data

A former employee of FinWise Bank accessed sensitive customer files after the end of their employment, impacting 689,000 American First Finance (AFF) customers. The breach involved personal data, including full names. FinWise has strengthened internal controls and is offering credit monitoring services to affected individuals. The breach occurred on May 31, 2024, and was disclosed in September 2025. The incident has led to multiple class-action lawsuits. FinWise Bank partners with AFF to originate and fund loans. The breach was discovered and investigated with the help of external cybersecurity professionals. The exact methods of unauthorized access and the full extent of the exposed data remain undisclosed.

Lovesac Data Breach After Ransomware Attack

Lovesac, a furniture retailer, confirmed a data breach impacting an unspecified number of individuals. The breach occurred between February 12, 2025, and March 3, 2025, and involved unauthorized access to internal systems. The company discovered the breach on February 28, 2025, and has offered credit monitoring services to affected individuals. The RansomHub ransomware gang claimed responsibility for the attack, threatening to leak stolen data if a ransom was not paid. Lovesac operates 267 showrooms across the United States and reported annual net sales of $750 million. The stolen data includes full names and other personal information, though the exact details and the number of affected individuals remain undisclosed. The company has not confirmed whether customers, employees, or contractors were impacted.