• Home
  • cyber
  • Sapp Bros. Inc: Sapp Bros. Data Breach Lawsuit Investigation
cyber Breach

Sapp Bros. Inc: Sapp Bros. Data Breach Lawsuit Investigation

Aug 25, 2025 2 min read
Sapp Bros. Inc: Sapp Bros. Data Breach Lawsuit Investigation

Sapp Bros. Inc. Data Breach Exposes Sensitive Information of Over 16,000 Individuals

Shamis & Gentile P.A., a class action law firm specializing in data breach cases, is investigating a cybersecurity incident involving Sapp Bros. Inc., a Nebraska-based travel center and petroleum distributor. The breach, detected on August 25, 2025, resulted in the exposure of personally identifiable information (PII) belonging to approximately 16,292 individuals, including 1,741 Iowa residents.

Key Details of the Breach

  • When: Unauthorized access occurred on August 25, 2025, with confirmation of PII exposure on November 10, 2025.
  • Where: The breach affected Sapp Bros. Inc., headquartered in Omaha, Nebraska, which operates travel centers along Interstate 80 and distributes petroleum products.
  • What Was Exposed: Compromised data includes Social Security numbers, driver’s license numbers, full names, and demographic information.
  • Who Was Responsible: On September 23, 2025, the hacking group Worldleaks claimed responsibility, leaking the stolen data on the dark web (Tor network).

Response and Impact

Sapp Bros. filed a disclosure with the Iowa Attorney General’s office on December 11, 2025, notifying affected individuals. The company is offering complimentary credit monitoring and identity theft protection through IDX, including:

  • Credit monitoring
  • Fraud alerts
  • Identity restoration assistance
  • $1 million in identity theft insurance

Affected individuals have until March 10, 2026, to enroll in these services. Legal representatives are also investigating potential compensation claims for those impacted.

Source: https://www.claimdepot.com/investigations/sapp-bros-data-breach-2026

Sapp Bros., Inc. cybersecurity rating report: https://www.rankiteo.com/company/sapp-bros.-inc.

"id": "SAP1768280739",
"linkid": "sapp-bros.-inc.",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '16,292',
                        'industry': 'Travel Centers, Petroleum Distribution',
                        'location': 'Omaha, Nebraska, USA',
                        'name': 'Sapp Bros. Inc',
                        'type': 'Company'}],
 'customer_advisories': 'Notification letters sent to affected individuals '
                        'with steps to protect themselves and enroll in IDX '
                        'services',
 'data_breach': {'data_exfiltration': 'Yes (claimed by Worldleaks on the dark '
                                      'web)',
                 'number_of_records_exposed': '16,292',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'Demographic information',
                                              "Driver's license numbers",
                                              'Full names']},
 'date_detected': '2025-08-25',
 'date_publicly_disclosed': '2025-12-11',
 'description': 'An unauthorized attacker accessed information on the Sapp '
                'Bros. Inc network, leading to the exposure of personally '
                'identifiable information (PII) of approximately 16,292 '
                'individuals. The breach was claimed by a group known as '
                'Worldleaks on the dark web.',
 'impact': {'data_compromised': 'Personally identifiable information (PII)',
            'identity_theft_risk': 'High'},
 'investigation_status': 'Ongoing (legal investigation by Shamis & Gentile '
                         'P.A.)',
 'ransomware': {'data_exfiltration': 'Yes'},
 'recommendations': ['Enroll in complimentary credit monitoring and identity '
                     'theft protection services through IDX',
                     'Review credit reports regularly for suspicious activity',
                     'Place fraud alerts or security freezes with major credit '
                     'bureaus',
                     'Report signs of identity theft to local law enforcement '
                     'and the Federal Trade Commission'],
 'references': [{'source': 'Shamis & Gentile P.A. Investigation'},
                {'date_accessed': '2025-12-11',
                 'source': 'Iowa Attorney General Disclosure'},
                {'date_accessed': '2025-09-23',
                 'source': 'Worldleaks Dark Web Claim',
                 'url': 'Tor network (via dark web)'}],
 'regulatory_compliance': {'regulatory_notifications': 'Disclosure filed with '
                                                       'the Iowa Attorney '
                                                       'General'},
 'response': {'communication_strategy': 'Notification letters to affected '
                                        'individuals, disclosure to Iowa '
                                        'Attorney General',
              'third_party_assistance': 'Cybersecurity experts (manual and '
                                        'programmatic review)'},
 'threat_actor': 'Worldleaks',
 'title': 'Sapp Bros. Inc Data Breach',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.