JC Resorts Data Breach Exposes Social Security Numbers

JC Resorts LLC, a family-owned hospitality company headquartered in La Jolla, California, has disclosed a data breach that occurred in January 2026.

JC Resorts detected unauthorized activity on its computer network. The company launched an investigation with the help of outside cybersecurity specialists to secure the network and determine the nature and scope of the activity.

The investigation found that an unauthorized actor viewed and copied certain files stored on the company's network on Jan. 19, 2026. After identifying the affected files, JC Resorts conducted a comprehensive review to determine what personal information was involved and which individuals were affected by the incident.

The types of personal information exposed in the breach included names and Social Security numbers.

The breach was reported to the California Attorney General and the Massachusetts Office of Consumer Affairs and Business Regulation on April 28, 2026.

Notification letters to consumers were mailed on April 28, 2026. The total number of individuals affected nationwide has not been publicly disclosed; however, six Massachusetts residents were identified as affected.

JC Resorts' response to the breach

JC Resorts is offering affected individuals 24 months of free credit monitoring and identity protection services through Experian IdentityWorks. The membership includes credit monitoring of the individual's Experian credit file for indicators of fraud, identity restoration support from specialists and $1 million in identity theft insurance.

Affected individuals can enroll through the Experian IdentityWorks website using the personal activation code included in their notification letter. The deadline to enroll is July 31, 2026.

JC Resorts has set up a dedicated phone line for questions about the incident at 833-918-0879, available Monday through Friday from 9 a.m. to 9 p.m. Eastern Time, excluding U.S. holidays.

Affected individuals may also write to the company at 533 Coast Blvd. South, La Jolla, CA 92037, attention John Doane, president of JC Resorts.

Steps to take if your information was exposed

• Place a credit freeze with all three major credit bureaus. Because Social Security numbers were involved in this breach, a credit freeze is one of the strongest steps to prevent new accounts from being opened fraudulently; contact Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-833-799-5355).

• Set up a fraud alert with one of the three credit bureaus. An initial fraud alert lasts one year, requires businesses to verify identity before issuing new credit and will automatically be shared with the other two bureaus.

• Request and review free credit reports. Free annual credit reports from Equifax, Experian and TransUnion are available at AnnualCreditReport.com or by calling 1-877-322-8228, and affected individuals should look for unfamiliar accounts or inquiries.

• Monitor bank accounts, credit card statements and other financial records closely. Watch for any unauthorized transactions or unfamiliar activity that could signal someone is misusing personal information.

• Be cautious of phishing attempts that reference JC Resorts or this breach by name. Scammers often use details from publicized data breaches to craft convincing emails, phone calls or text messages designed to steal additional personal information.

• Report suspected identity theft to the FTC and local law enforcement. Consumers can file a report at IdentityTheft.gov or by calling 1-877-438-4338.