The 2025 Pyramid Global Hospitality Data Breach: Find Out What Happened and Your Legal Rights

In September 2025, Pyramid Global Hospitality, one of the largest hotel and resort management companies in the United States, suffered a significant data breach. 

This incident exposed sensitive personal information of current and former employees and potentially others tied to the company, raising serious privacy concerns and questions about why such a large corporation's digital security was inadequate to protect such confidential information.

Those affected by the data breach may be eligible to file a claim against Pyramid Global for its lax security measures, which left others susceptible to a cyberattack. If you believe you were affected by this or any other data breach, contact Morgan & Morgan for a free case evaluation to learn more about your legal options.

What Happened With the Pyramid Global Data Breach?

In late September 2025, a ransomware and data theft group known as WorldLeaks publicly claimed responsibility for a cyberattack on Pyramid Global Hospitality. The group posted stolen data to an online leak site, indicating that confidential corporate and personal records had been exfiltrated from Pyramid’s systems. Analysis of the leaked data confirmed that the exposed dataset included extremely sensitive personal information belonging to employees and contractors.

The leaked records reportedly contained thousands of unique data points, including Social Security numbers, email addresses, home addresses, and phone numbers. The volume of exposed Social Security numbers alone suggests the breach centered on internal HR and payroll systems rather than public guest information.

What Types of Data Were Exposed in the Pyramid Global Data Breach?

Though Pyramid has since reported and disclosed the breach through notices to state authorities, independent analysis revealed a broad range of personal data was compromised, including:

  • Social Security numbers
  • Home addresses
  • Email addresses
  • Phone numbers
  • Other personally identifiable information (PII)

The total volume of exposed records is significant. More than 50,000 unique Social Security numbers alone were detected in the leaked data.

Because Social Security numbers are highly sensitive, this kind of exposure can be a gateway to identity theft, tax refund fraud, unemployment benefits fraud, credit account fraud, and other serious forms of financial and reputational harm.

Who Was Affected by the Pyramid Global Data Breach?

Unlike many high-profile hospitality data breaches that have targeted hotel guests, this incident appears to have principally affected current and former employees and contractors.

The presence of payroll and HR-related identifiers (like Social Security numbers) strongly suggests that the breached data came from internal human resources, payroll, and personnel records and not guest profiles.

Company Response & Notifications

According to official breach notices filed with several state attorneys general, Pyramid began notifying affected individuals in late 2025 and early 2026. These notifications included details about the data that may have been accessed without authorization, and guidance on steps individuals should take to protect themselves going forward.

Pyramid has offered complimentary credit monitoring and identity protection services to those affected, a common first step after a breach, and has provided information on how to place fraud alerts or credit freezes with the major credit bureaus.

Why This Matters to You

When a company entrusted with personal data fails to secure it adequately, individuals can face lasting consequences. Stolen Social Security numbers and contact information can be used to open fraudulent accounts, file fake tax returns, or commit other identity theft crimes that may go unnoticed for years.

Even if there’s no immediate evidence of misuse, the risk remains long-term, because once sensitive information is exposed, it can circulate on the dark web indefinitely. Regularly reviewing credit reports and financial statements is essential.

Legal Risks and Consumer Protections

Identity Theft and Financial Fraud

Exposure of Social Security numbers and contact information puts affected individuals at elevated risk of:

  • Identity theft
  • Tax refund fraud
  • Loan and credit fraud
  • Employment and benefits fraud

Victims of breaches involving Social Security numbers often face long-term risk, because these numbers cannot be “reset” like passwords or account numbers.

Requirements to Notify

Under state and federal law, companies must notify affected individuals and regulators when there is a reasonable risk of harm from unauthorized access to personal information. These laws often have specific timelines and content requirements for such notifications.

Failing to provide timely and adequate notice may expose companies to:

  • Consumer protection claims
  • Class action litigation
  • Regulatory enforcement actions

Potential Legal Claims

Affected individuals may have legal grounds to pursue claims against the company, including:

  • Negligence, if the company failed to take reasonable measures to protect personal information,
  • Breach of implied contract, if the company promised to protect personal data but failed to do so, and/or
  • Statutory privacy violations under state data security and breach notification laws

In cases involving large numbers of victims across multiple states, plaintiffs’ firms frequently seek to consolidate lawsuits through the federal courts’ multidistrict litigation (MDL) process.

Affected by the Data Breach? Here’s What You Should Do Now

If you’ve been notified that your personal information was involved in this breach or you suspect it may have been:

  1. Enroll in the free credit monitoring services offered by Pyramid.
  2. Review your credit reports and financial accounts for unusual activity.
  3. Place a fraud alert or security freeze with the major credit bureaus.
  4. Consider speaking with a data breach attorney at Morgan & Morgan to evaluate your legal rights and options.

At Morgan & Morgan, our experienced data privacy and cybersecurity lawyers are here to help you navigate the aftermath of a breach and pursue justice and compensation.

If you believe your personal information was exposed in the Pyramid Global Hospitality breach, don’t wait. Reach out today for a free, confidential case evaluation.

Disclaimer
This website is meant for general information and not legal advice.