Lessing’s Hospitality Group, a family-owned hospitality company operating over 120 locations across the Northeast and Florida, experienced a data breach after detecting suspicious activity in an employee’s email account on August 20, 2025. Unauthorized access exposed emails containing sensitive personally identifiable information (PII) of customers, including names, addresses, dates of birth, Social Security numbers, driver’s license/state ID details, health insurance data, and financial account information. The breach impacted thousands of current/former employees and other individuals, with notifications issued on October 3, 2025. The incident was also reported to the Vermont Attorney General’s office on October 6, 2025. Affected parties face risks of identity theft, financial fraud, and unauthorized account access, prompting legal investigations for potential compensation claims. The breach stems from a phishing-related compromise of an employee’s email, leading to exposure of highly sensitive customer and employee data.
Source: https://www.claimdepot.com/investigations/lessings-hospitality-group-data-breach-2025
TPRM report: https://www.rankiteo.com/company/lessings-inc-
"id": "les1192811100625",
"linkid": "lessings-inc-",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Several thousand '
'(current/former employees and '
'other individuals)',
'industry': 'Hospitality (Restaurants, Catering, '
'Corporate Dining, Pizza Franchises)',
'location': 'New York, USA (operations in Northeast '
'and Florida)',
'name': 'Lessing’s Hospitality Group',
'size': '120+ locations, serves 40,000+ customers '
'daily',
'type': 'Private Company'}],
'attack_vector': 'Compromised Employee Email Account',
'customer_advisories': 'Customers/employees notified via mail; offered credit '
'monitoring and guidance on fraud prevention.',
'data_breach': {'data_exfiltration': 'Likely (emails containing PII were '
'viewed)',
'file_types_exposed': ['Email messages/attachments'],
'number_of_records_exposed': 'Several thousand',
'personally_identifiable_information': ['Name',
'Address',
'Date of Birth',
'Social Security '
'Number',
'Driver’s '
'License/State ID',
'Health Insurance '
'Details'],
'sensitivity_of_data': 'High (includes SSNs, driver’s license '
'info, financial accounts)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data',
'Health Insurance Information']},
'date_detected': '2025-08-20',
'date_publicly_disclosed': '2025-10-03',
'description': 'Lessing’s Hospitality Group, a family-owned hospitality '
'company operating over 120 locations in the Northeast and '
'Florida, discovered unauthorized access to an employee’s '
'email account on August 20, 2025. The breach exposed '
'sensitive personally identifiable information (PII) of '
'several thousand current/former employees and customers, '
'including names, addresses, Social Security numbers, driver’s '
'license/state ID details, health insurance data, and '
'financial account information. The company began notifying '
'affected individuals on October 3, 2025, and disclosed the '
'incident to the Vermont Attorney General’s office on October '
'6, 2025.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive '
'customer/employee data',
'data_compromised': ['Name',
'Address',
'Date of Birth',
'Social Security Number',
'Driver’s License/State ID Information',
'Health Insurance Information',
'Financial Account Information'],
'identity_theft_risk': 'High (due to exposure of SSNs, financial '
'data, and PII)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'from affected individuals',
'payment_information_risk': 'Moderate (financial account '
'information exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Compromised employee email account',
'high_value_targets': ['Employee PII',
'Customer PII',
'Financial Data']},
'investigation_status': 'Ongoing (as of Oct. 2025; legal investigation by '
'Shamis & Gentile P.A.)',
'recommendations': ['Enroll in free credit monitoring services (if offered)',
'Place a fraud alert on credit reports',
'Monitor financial statements for unauthorized activity',
'Request annual free credit reports from major bureaus',
'Seek legal counsel for compensation claims'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-10-03',
'source': 'Lessing’s Hospitality Group Data Breach '
'Notification'},
{'date_accessed': '2025-10-06',
'source': 'Vermont Attorney General Disclosure'}],
'regulatory_compliance': {'legal_actions': 'Potential class-action lawsuits '
'(investigation by Shamis & '
'Gentile P.A.)',
'regulatory_notifications': 'Vermont Attorney '
'General (notified on '
'Oct. 6, 2025)'},
'response': {'communication_strategy': 'Direct notifications to affected '
'parties; disclosure to Vermont '
'Attorney General (Oct. 6, 2025)',
'incident_response_plan_activated': 'Yes (investigation '
'initiated post-detection)',
'recovery_measures': 'Notification letters sent to affected '
'individuals (Oct. 3, 2025); credit '
'monitoring services offered'},
'stakeholder_advisories': 'Affected individuals advised to review '
'notification letters, enroll in credit monitoring, '
'and monitor accounts for fraud.',
'title': 'Lessing’s Hospitality Group Data Breach (2025)',
'type': 'Data Breach (Unauthorized Email Access)'}