Real estate investment and hospitality management giant, Highgate Hotels, L.P., recently experienced a significant data breach that exposed a wide range of sensitive consumer information. The breach was discovered on September 13, 2024, but the actual unauthorized access occurred over two days, March 25 and March 26, 2024.
The breach affected individuals across the United States, including 1,474 individuals in Texas and 10 individuals in Maine.
The breach was reported to the California Attorney General's office on December 10, 2024, the Maine Attorney General's office on December 10, 2024, and the Texas Attorney General's office on December 9, 2024.
The compromised information includes highly sensitive data, which could lead to serious risks of identity theft and financial fraud.
The types of consumer information exposed in this breach include:
The severity of this breach is compounded by the breadth of information exposed, as it includes both personal identification and financial details. This type of information could be exploited for identity theft, fraudulent transactions, and other malicious activities.
Highgate Hotels, L.P. has taken steps to address the breach and notify affected individuals. Consumers were informed of the incident via written notice sent through U.S. Mail on December 6, 2024. The company also reported the breach to relevant state authorities, including the Attorneys General of California, Maine, and Texas, as required by law.
If you believe you may have been affected by this data breach, it is crucial to act quickly to protect yourself. Given the sensitive nature of the information exposed, here are some steps you should take:
By taking these proactive steps, you can reduce the risk of identity theft and better protect your personal and financial information.
For more details, you can view the official disclosure on the Maine Attorney General's website, the Texas Attorney General's website, and the California Attorney General's website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.