Interstate Management Company Data Breach Exposes Sensitive Information of 22,743 Individuals
Shamis & Gentile P.A., a class action law firm specializing in data breach cases, is investigating a cybersecurity incident involving Interstate Management Company, LLC, a hotel management firm operating under Aimbridge Hospitality. The breach, confirmed on April 23, 2026, involved unauthorized access to hotel systems between November 19 and November 22, 2025.
Interstate Management Company, headquartered in Arlington, VA, manages branded and independent hotels, resorts, and convention centers across the U.S. and internationally. Following a 2019 merger with Aimbridge Hospitality, it became part of one of the world’s largest third-party hotel management companies, with corporate operations based in Plano, Texas.
The breach exposed sensitive data, including:
- Names
- Social Security numbers
- Financial account information
Affected individuals 22,743 in total were notified via written notice on May 26, 2026. Legal representatives are now reviewing potential compensation claims for those impacted.
Source: https://www.claimdepot.com/investigations/interstate-hotels-resorts-data-breach-2026
Aimbridge Hospitality cybersecurity rating report: https://www.rankiteo.com/company/aimbridge-hospitality
Aimbridge Hospitality cybersecurity rating report: https://www.rankiteo.com/company/aimbridge-hospitality-limited
"id": "AIMAIM1779899471",
"linkid": "aimbridge-hospitality, aimbridge-hospitality-limited",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '22743',
'industry': 'Hospitality',
'location': 'Arlington, VA, U.S. and internationally',
'name': 'Interstate Management Company, LLC',
'type': 'Hotel Management Firm'}],
'customer_advisories': 'Written notice sent to affected individuals on May '
'26, 2026',
'data_breach': {'number_of_records_exposed': '22743',
'personally_identifiable_information': 'Names, Social '
'Security numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information',
'Financial Information']},
'date_detected': '2026-04-23',
'date_publicly_disclosed': '2026-05-26',
'description': 'Shamis & Gentile P.A. is investigating a cybersecurity '
'incident involving Interstate Management Company, LLC, a '
'hotel management firm operating under Aimbridge Hospitality. '
'The breach involved unauthorized access to hotel systems '
'between November 19 and November 22, 2025, exposing sensitive '
'data including names, Social Security numbers, and financial '
'account information.',
'impact': {'data_compromised': 'Names, Social Security numbers, Financial '
'account information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Under investigation',
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
'under review'},
'response': {'communication_strategy': 'Written notice to affected '
'individuals'},
'title': 'Interstate Management Company Data Breach Exposes Sensitive '
'Information of 22,743 Individuals',
'type': 'Data Breach'}