Lessing’s Hospitality Group, a New York and Florida-based hospitality company, suffered a data breach after detecting unauthorized access to an employee email account. The investigation confirmed that sensitive personal information (PII/PHI) of current and former employees—including names, addresses, Social Security numbers, driver’s license copies, health insurance details, and financial account information—may have been viewed. The breach was disclosed to affected individuals via mail (October 3, 2025) and reported to the Vermont Attorney General’s office (October 6, 2025). While the exact number of impacted individuals remains undisclosed, the breach potentially affects thousands. The company secured its email environment and engaged a forensic firm to investigate, but the exposure of highly sensitive employee data poses significant risks of identity theft, financial fraud, and phishing attacks.
Source: https://www.claimdepot.com/data-breach/lessings-hospitality-group-2025
TPRM report: https://www.rankiteo.com/company/lessings-inc-
"id": "les2192721100625",
"linkid": "lessings-inc-",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Several thousand (current and '
'former employees and other '
'individuals)',
'industry': 'Hospitality',
'location': ['New York', 'Florida'],
'name': 'Lessing’s Hospitality Group',
'type': 'Private Company'}],
'attack_vector': 'Compromised Employee Email Account',
'customer_advisories': ['Review breach notices from Lessing’s Hospitality '
'Group.',
'Monitor for identity theft or fraud.'],
'data_breach': {'data_exfiltration': 'Likely (information may have been '
'viewed)',
'number_of_records_exposed': 'Several thousand (exact number '
'not disclosed)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII and PHI)',
'type_of_data_compromised': ['Names',
'Addresses',
'Social Security Numbers (SSNs)',
'Driver’s License or State ID '
'Copies',
'Health Insurance Information',
'Financial Account Information']},
'date_publicly_disclosed': '2025-10-03',
'description': 'Lessing’s Hospitality Group, a hospitality company based in '
'New York and Florida, experienced a data breach involving '
'unauthorized access to an employee email account. The breach '
'exposed sensitive personal information, including PII and '
'PHI, of current and former employees and other individuals. '
'The company began notifying affected individuals by mail on '
'Oct. 3, 2025, and disclosed the incident to the Vermont '
"Attorney General's office on Oct. 6, 2025.",
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive employee and '
'individual data',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)'],
'identity_theft_risk': "High (due to exposure of SSNs, driver's "
'license copies, and financial account '
'information)',
'legal_liabilities': 'Potential legal and regulatory consequences '
'(e.g., Vermont Attorney General '
'notification)',
'payment_information_risk': 'Moderate (financial account '
'information exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Compromised employee email account',
'high_value_targets': ['Employee PII/PHI data']},
'investigation_status': 'Completed (forensic investigation confirmed security '
'of systems)',
'post_incident_analysis': {'corrective_actions': ['Secured email environment',
'Engaged forensic security '
'firm for investigation'],
'root_causes': ['Unauthorized access to employee '
'email account']},
'recommendations': ['Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing attempts using exposed '
'information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'Claim Depot (via Lessing’s Hospitality Group '
'advisory)'},
{'source': 'Lessing’s Hospitality Group Website'}],
'regulatory_compliance': {'regulatory_notifications': ['Vermont Attorney '
'General (disclosed on '
'2025-10-06)']},
'response': {'communication_strategy': ['Mail notifications to affected '
'individuals',
'Disclosure to Vermont Attorney '
'General'],
'containment_measures': ['Secured email environment'],
'incident_response_plan_activated': True,
'third_party_assistance': ['Forensic Security Firm']},
'stakeholder_advisories': ['Mail notifications to affected individuals'],
'title': 'Lessing’s Hospitality Group Data Breach (2025)',
'type': 'Data Breach'}