Meritage Hospitality Data Breach Exposes SSNs

Meritage Hospitality Group, a restaurant group with 375 restaurants operating in 16 states, experienced a data breach. The cyberattack took place on July 8, 2025 and compromised personally identifiable information (PII).

The company has not publicly detailed the method of the cyberattack, or the exact personal data compromised, aside from names and Social Security numbers. Additional exposed information may include addresses, dates of birth, Social Security numbers, driver's license numbers, health insurance information and financial information.

Meritage Hospitality Group began notifying affected individuals by mail on Nov. 3, 2025. The total number impacted by the data breach has not been released, but is believed to include thousands of Wendy's and Morning Belle current and former employees.

The cybersecurity incident was also disclosed to the Massachusetts Attorney General's office on Nov. 7, 2025. The exposure of social security numbers is considered highly sensitive and can increase the risk of identity theft for affected individuals.

Meritage Hospitality Group's response

In addition to required state and federal disclosures, Meritage Hospitality Group is offering affected individuals 24 free months of Equifax ID Watchdog identity theft protection services, which includes up to $5 million in identity theft insurance.

If you receive a data breach notice from Meritage Hospitality Group, you may want to:

• Sign up for the free identity theft protection services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.