A data breach at Summit Hotel Properties, a publicly traded real estate investment trust, resulted in the unauthorized access and exfiltration of personally identifiable information (PII) from its corporate systems. The breach was detected on October 5, 2025, by a managed service provider, and containment was achieved by October 6, 2025. The stolen data, later disclosed on the dark web by the threat actor 'Worldleaks' on October 24, 2025, included sensitive details such as names, addresses, phone numbers, email addresses, and Social Security numbers.The exposure of PII poses significant risks, including identity theft and financial fraud, for at least one confirmed individual in New Hampshire, though the full scope remains under investigation. Summit Hotel Properties conducted a review by October 26, 2025, and reported the incident to the New Hampshire Attorney General’s office on November 21, 2025. Affected individuals were notified via mail and offered two years of free identity monitoring through Kroll. The breach underscores vulnerabilities in data security, with potential long-term reputational and financial repercussions for the company.
Source: https://www.claimdepot.com/data-breach/summit-hotel-properties-2025
Summit Hotel and Resort Specialist Inc. cybersecurity rating report: https://www.rankiteo.com/company/summit-hotel-and-resort-specialist-inc-
"id": "SUM0010600112525",
"linkid": "summit-hotel-and-resort-specialist-inc-",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least 1 (in New Hampshire; '
'exact number under '
'investigation)',
'industry': 'Hospitality/Real Estate',
'location': 'Austin, Texas, USA',
'name': 'Summit Hotel Properties',
'type': 'Publicly Traded Real Estate Investment Trust '
'(REIT)'}],
'customer_advisories': 'Notification letters sent to impacted individuals; '
'recommendation to enroll in identity monitoring',
'data_breach': {'data_exfiltration': 'Yes (files exfiltrated)',
'number_of_records_exposed': 'At least 1 (under '
'investigation)',
'personally_identifiable_information': ['names',
'addresses',
'phone numbers',
'email addresses',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes SSNs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-10-05',
'date_publicly_disclosed': '2025-10-24',
'date_resolved': '2025-10-06',
'description': 'A data breach at Summit Hotel Properties, a publicly traded '
'real estate investment trust based in Austin, Texas, exposed '
'personally identifiable information (PII) of at least one '
'person in New Hampshire. The breach was detected by a managed '
'service provider, and an unauthorized party exfiltrated '
'files. The incident was disclosed on the dark web by the '
"actor 'Worldleaks,' who threatened to publish the stolen "
'data. The exposed PII includes names, addresses, phone '
'numbers, email addresses, and Social Security numbers, posing '
'risks of identity theft and financial fraud.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of PII and dark web '
'disclosure',
'data_compromised': ['names',
'addresses',
'phone numbers',
'email addresses',
'Social Security numbers'],
'identity_theft_risk': 'High (due to exposure of PII including '
'SSNs)',
'systems_affected': ['corporate systems']},
'initial_access_broker': {'data_sold_on_dark_web': 'Threatened (by '
"'Worldleaks')"},
'investigation_status': 'Ongoing (number of affected individuals may change)',
'recommendations': ['Offering two years of free identity monitoring services '
'(via Kroll) to affected individuals',
'Monitor for suspicious activity related to exposed PII'],
'references': [{'source': 'Summit Hotel Properties Breach Notice (New '
'Hampshire AG)'},
{'date_accessed': '2025-10-24',
'source': "Dark Web Disclosure by 'Worldleaks'"}],
'regulatory_compliance': {'regulatory_notifications': 'New Hampshire Attorney '
'General’s office '
'(reported on '
'2025-11-21)'},
'response': {'communication_strategy': 'Notification to impacted individuals '
'via mail; public disclosure via '
'regulatory filing',
'containment_measures': 'Intrusion contained by 2025-10-06',
'incident_response_plan_activated': 'Yes (contained by '
'2025-10-06)',
'law_enforcement_notified': 'Yes (federal law enforcement and '
'New Hampshire Attorney General’s '
'office)',
'third_party_assistance': 'Yes (engaged cybersecurity experts)'},
'threat_actor': 'Worldleaks',
'title': 'Data Breach at Summit Hotel Properties',
'type': 'Data Breach'}