Choice Hotels Data Breach Affects 24k People

Published

February 20, 2026

Updated

March 4, 2026

Choice Hotels

Affected by the data breach? You may be entitled to compensation. Submit a claim today.

On Jan. 14, 2026, Choice Hotels International, Inc., a major hospitality franchisor, experienced a data breach involving sensitive personal information of franchisees and franchise applicants. According to regulatory filings, a skilled individual used social engineering tactics to bypass security measures and gain unauthorized access to an internal application that stored records about these individuals.

Notably, this breach occurred even though the application required multifactor authentication (MFA), highlighting the sophistication of the attack.

Choice Hotels detected the intrusion and shut down the unauthorized access in less than an hour.

A thorough investigation followed, and by Jan. 26, 2026, the company determined that the accessed records contained names, contact information, Social Security numbers and dates of birth.

In total, 24,115 people across the country have been impacted by the breach.

The breach's state impacts include 2,559 Texas residents, 269 Massachusetts residents, 66 Maine residents, and 67 New Hampshire residents, as disclosed to the attorneys general of Texas, Massachusetts, Maine, and New Hampshire. The company also notified the attorneys general of California and Vermont.

The total number of people affected in the United States was not specified in the filings, but the incident was limited to franchisees and franchise applicants, not hotel guests.

Choice Hotels International's response

To support those impacted, Choice Hotels is offering two years of complimentary credit monitoring and identity protection services through Epiq Privacy Solutions ID. This service includes three-bureau credit monitoring, annual credit reports and scores, $1 million in identity theft insurance, dark web monitoring, lost wallet assistance and dedicated identity restoration specialists.

Affected individuals are encouraged to enroll in these services and to monitor their credit reports for any unusual activity.

Given that the breach involved a targeted social engineering attack that defeated MFA, affected individuals should be especially cautious about phishing attempts or suspicious communications.

It is advisable to place a fraud alert or security freeze on credit files, review account statements regularly and report any signs of identity theft to the Federal Trade Commission or local law enforcement.