Nobu Restaurant Group Data Breach Exposes Sensitive Personal and Health Information

Nobu Restaurant Group Holding Co. LLC, the operator behind the globally recognized Nobu restaurant and hotel brand, disclosed a data breach involving unauthorized access to its computer systems in October 2025.

The breach was reported to the California and Texas attorney general on April 17, 2026, and 280 Texas residents were identified as affected. The company notified affected individuals by U.S. Mail, with notification letters dated April 17, 2026.

What happened in the Nobu data breach

The breach was the result of a ransomware attack on Nobu's computer systems.

The company's investigation determined that data stored on those systems may have been viewed or taken without authorization between Oct. 6, 2025, and Oct. 7, 2025. Nobu reviewed the data involved to determine whether it contained sensitive information and to identify individuals whose information may have been affected.

On Nov. 5, 2025, approximately one month after the breach occurred, a ransomware group known as Akira claimed responsibility for the attack on the Tor dark web network. The group claimed to have obtained 71 gigabytes of data from the organization, comprising of employee information, owner information such as passports, driver's licenses and Social Security numbers, detailed financial records, confidential files and non-disclosure agreements.

According to official disclosures, the personally identifiable information confirmed to have been exposed in the breach included names, Social Security numbers, driver's license numbers, government-issued identification numbers (such as passports and state ID cards) and financial information (such as account numbers and credit or debit card numbers).

The breach also involved protected health information, including medical information and health insurance information.

Nobu's response to the breach

Nobu is providing affected individuals with 12 months of complimentary credit monitoring and identity restoration services through Cyberscout, a TransUnion company that specializes in fraud assistance and remediation.

To enroll, affected individuals can visit Cyberscout's activation page and enter the unique code provided in their notification letter. Enrollment must be completed within 90 days of the date of the letter.

The credit monitoring service includes single-bureau credit monitoring, a single-bureau credit report and a single-bureau credit score. Nobu is also providing proactive fraud assistance to help affected individuals with questions or in the event that they become a victim of fraud.

Nobu has set up a dedicated assistance line for questions about the incident. The line is available Monday through Friday from 8 a.m. to 8 p.m. Eastern time, excluding major U.S. holidays. The phone number for the assistance line is included in each individual's notification letter.

Affected individuals may also write to Nobu at 40 West 57th St., Suite 320, New York, NY 10019.

Steps to take if information was exposed in the Nobu breach

• Place a credit freeze or fraud alert with Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-833-799-5355) to help prevent unauthorized accounts from being opened.
• Request free credit reports at AnnualCreditReport.com and review them for any accounts or activity that seem unfamiliar.
• Monitor bank and credit card statements closely for unauthorized transactions, since financial account and payment card numbers were involved in this breach.
• Review medical and health insurance statements for claims or services that were not authorized, as medical and health insurance information were among the data exposed.
• Consider requesting replacement identification documents such as a new driver's license or state ID, since government-issued identification numbers were compromised.
• Be cautious of phishing attempts that reference Nobu or this data breach by name, as scammers may use the incident to trick people into sharing additional personal information.