Pyramid Global Hospitality data breach impacted close to 140,000 individuals

Leading U.S. hospitality management company Pyramid Global Hospitality has announced that a major ransomware attack in August compromised the sensitive personal and financial information of more than 139,000 current and former employees.

 

The hospitality giant announced in a filing with the Oregon Department of Justice Consumer Protection board that the cyber attack, which occurred between August 13 and August 14, 2025, impacted about 139,899 individuals. The number of affected individuals was revised upwards from about 52,100 which the company deemed to be affected by the incident as on October 10, 2025.

 

According to analysis by Upguard, Pyramid Global Hospitality suffered a ransomware attack carried out by the WorldLeaks ransomware group which is known to conduct cyber attacks purely to extort victims out of large sums of money. The cyber attack compromised victims’ names, Social Security Numbers, passport details, driver’s licences, financial accounts as well as medical and health insurance information.

 

Pyramid Global Hospitality describes itself as a leading third-party hospitality management company offering solutions to some of the world’s best hotels and resorts. The company’s portfolio spans more than 230 properties across the U.S., Caribbean and Europe, with offices in Boston; The Woodlands, Texas; Cincinnati; and London.  

 

Upguard said the cyber attack on Pyramid Global, classified as a sophisticated data exfiltration event, was a high severity attack as it involved the theft of highly sensitive personal identifiers from HR and payroll databases, exposing the affected individuals to risks of identity theft and financial fraud.

 

In a letter sent to affected individuals on February 26, Pyramid Global said that it became aware of suspicious activity on its network on August 14 but it took until September 30 for the company to realize that the incident had impacted data stored in its servers.     

 

"We began a comprehensive review of the impacted data with the assistance of a third-party specialist, to determine what information was affected and to whom the information related. We are providing this notice after determining that current and former Pyramid employee data was likely impacted by this event," the company said.

 

"We take this event and the security of personal information in our care very seriously. Upon learning of this activity, we took steps to ensure the security of our systems, investigate the event, and report the event to federal law enforcement," Pyramid added. "Additionally, we are notifying state regulators as required. We also recognize the evolving nature of cyber security and will continue to evaluate and enhance our safeguards."

 

The hospitality management company added that it is providing all affected individuals with 12 months of complimentary credit and CyberScan monitoring services through IDX as an added precaution.