Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Sotheby’s hit by ransomware attack

Incident
First reported
Last updated
Happening score
H score 12
1 unique sources, 1 articles

Summary

Hide ▲

Sotheby’s disclosed a cybersecurity incident after an unknown actor removed data from its environment, creating risk that employee information was exposed. The breach notification identified full names, SSNs, and financial account information among the affected records. Sotheby’s said it launched an investigation with response experts and law enforcement and is notifying impacted individuals. The incident was first detected on July 24, 2025 and remains a disclosed breach event rather than a claimed ransomware attack.

Related Happenings

HackerOne employee and dependent data leak after Navia breach

Data Leak
First: 24.03.2026 16:01 Last: 24.03.2026 16:01 Sources 1

About this happening: HackerOne disclosed that **sensitive employee and dependent data** was exposed after attackers accessed **Navia** through a **Broken Object Level Authorization (BOLA) vulnerabilit...

Open Happening

Navia Benefit Solutions Inc. hit by cyberattack

Incident
First: 19.03.2026 22:43 Last: 19.03.2026 22:43 Sources 1

About this happening: **Navia Benefit Solutions, Inc.** disclosed a **data breach** that exposed sensitive information for **nearly 2.7 million individuals**, after attackers had access to its systems...

Open Happening

University of Phoenix hit by network compromise

Incident
First: 03.12.2025 15:23 Last: 03.12.2025 15:23 Sources 1

About this happening: **University of Phoenix** disclosed a **data breach** after attackers accessed its **Oracle E-Business Suite (EBS)** financial application during **August 13-22, 2025**. The schoo...

Latest development: 23.12.2025 18:00

Notification letters submitted to the Maine Attorney General’s Office and affected individuals on Monday confirmed that 3,489,274 individuals were affected, including 9131 Maine residents. The compromised data included names, contact information, dates of birth, Social Security numbers, and bank account and routing numbers, and University of Phoenix is offering 12 months of credit monitoring, identity theft recovery assistance, dark web monitoring, and a $1m fraud reimbursement policy.

Open Happening

Sotheby’s customer data leak

Data Leak
First: 16.10.2025 22:24 Last: 16.10.2025 22:24 Sources 1

About this happening: Sotheby’s disclosed a **data leak** after an **unknown actor** removed customer records from its environment, exposing **full names**, **Social Security numbers**, and **financial...

Open Happening

Timeline

  1. 17.10.2025 03:00 2 articles · 7mo ago

    Sotheby’s identifies employee information exposure and notifies affected people

    Victim Impact Update

    Sotheby’s said the cybersecurity incident may have involved employee information rather than customer data, and a Maine AG filing said the exposed records included full names, Social Security numbers, and financial account information. The organization said it launched an investigation with data protection and response experts and law enforcement, and it offered impacted individuals 12 months of free identity protection and credit monitoring through TransUnion with 90 days to enroll.

    Show sources
    Open in new tab
  2. 16.10.2025 22:24 1 articles · 7mo ago

    Sotheby’s detects unauthorized data removal

    Initial Disclosure

    Sotheby’s became aware on July 24, 2025 that an unknown actor had removed data from the organization’s environment, prompting a cybersecurity incident response for the affected auction house.

    Show sources
    Open in new tab