Summit reported a data breach to the Attorney General of New Hampshire, revealing that an unauthorized party gained access to its corporate systems on October 5, 2025. The investigation confirmed that sensitive personal identifiable information (PII)—including names, Social Security numbers, and contact details—was accessed and potentially acquired by the attacker. The breach impacted individuals variably, with no immediate confirmation of misuse but a high risk of identity theft or fraud. Summit initiated notifications to affected individuals on November 21, 2025, offering 24 months of complimentary credit monitoring as a remedial measure. The incident underscores a significant compromise of customer data, though no ransomware or broader systemic disruption was reported. The exposure of SSNs and personal details elevates the risk of long-term financial and reputational harm for victims, while Summit faces regulatory scrutiny and potential erosion of trust.
Source: https://straussborrelli.com/2025/11/24/summit-hotel-properties-data-breach-investigation/
Summit cybersecurity rating report: https://www.rankiteo.com/company/summitsays
"id": "SUM2120021112625",
"linkid": "summitsays",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'name': 'Summit', 'type': 'Organization'}],
'customer_advisories': 'Data breach notification letters with details on '
'impacted PII and credit monitoring offer',
'data_breach': {'data_exfiltration': 'Potential (unauthorized access and '
'acquisition confirmed)',
'personally_identifiable_information': ['Name',
'Social Security '
'number',
'Contact information'],
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-10-05',
'description': 'Summit reported a data breach to the Attorney General of New '
'Hampshire, where an unauthorized party gained access to '
'corporate systems, potentially compromising sensitive '
'personal identifiable information (PII). The breach was '
'detected on October 5, 2025, and affected individuals were '
'notified via mail starting November 21, 2025. Impacted data '
'includes names, Social Security numbers, and contact '
'information. Summit is offering 24 months of complimentary '
'credit monitoring to affected individuals.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of sensitive PII',
'data_compromised': ['Name',
'Social Security number',
'Contact information'],
'identity_theft_risk': 'High (due to exposure of SSNs and PII)',
'systems_affected': ['Certain corporate systems']},
'investigation_status': 'Ongoing (review of impacted data and identification '
'of affected individuals in progress as of November '
'2025)',
'references': [{'source': 'Attorney General of New Hampshire - Summit Breach '
'Notice'}],
'regulatory_compliance': {'regulatory_notifications': 'Notified the Attorney '
'General of New '
'Hampshire'},
'response': {'communication_strategy': 'Data breach notification letters '
'mailed to impacted individuals '
'starting November 21, 2025',
'incident_response_plan_activated': 'Yes (investigation launched '
'post-detection)',
'recovery_measures': '24 months of complimentary credit '
'monitoring for affected individuals'},
'threat_actor': 'Unauthorized third party',
'title': 'Summit Data Breach - October 2025',
'type': 'Data Breach'}