We have learned that an unauthorized third party acquired certain employee data. Upon discovery, we immediately activated our incident response protocols and launched a thorough investigation with the help of external cybersecurity experts. The unauthorized third party has stated that the stolen data has been deleted. We are monitoring and to date have not seen any evidence that the data has been published or otherwise misused.
Choice Hotels International disclosed a breach affecting franchisees and applicants. Its notification letter states that a "skilled person used social engineering" to gain access on January 14, 2026 to an application that contained records regarding franchisees and franchise applicants. The access occurred even though access required multifactor authentication (MFA). The information involved included names and Social Security numbers. There is no indication that any guest data was involved. No gang has publicly claimed responsibility for the attack as yet.
The letter also confirmed the attack took place on July 2, and that Ingram Micro detected it a day later, before shutting its systems down. "Promptly upon detecting the issue, we began taking steps to contain and remediate the unauthorized activity, including proactively taking certain systems offline and implementing other mitigation measures. We also initiated an investigation with the assistance of leading cybersecurity experts and notified law enforcement."
Hotel and casino operator Boyd Gaming has disclosed a cyberattack to US regulators, warning that hackers may have stolen personal information belonging to employees and other individuals. The Las Vegas-headquartered revealed Tuesday that attackers breached its tech systems and "removed certain data," though it has not confirmed when the attack occurred or who was responsible.
