Sapp Bros. Data Breach Affects 16,292 Individuals Exposing Social Security Numbers

Omaha based, Sapp Bros., an operator of travel centers, recently experienced a data breach that impacted employees and possibly customers. On Aug. 25, 2025, an unauthorized actor gained access to information stored on the Sapp Bros. network.

The breach was attributed to a hacking group known as Worldleaks, which claimed responsibility for leaking the data on the dark web on Sept. 23, 2025. The compromised data primarily involved employee information, but the full extent of affected parties is still being clarified.

Through a combination of programmatic and manual review, it was determined on Nov. 10, 2025, that personally identifiable information (PII) was among the data accessed by the attacker. The information exposed included full names, addresses, Social Security numbers, demographic information and, in some cases, driver’s license numbers.

The breach affected approximately 16,292 individuals nationwide, including 1,741 Iowa residents and seven Montana residents, as reported in the disclosure to the Iowa Attorney General and the Montana Attorney General on Dec. 11, 2025.

Sapp Bros' response

To support those affected, Sapp Bros. has arranged for free credit monitoring and identity protection services through IDX for 12 months. Impacted individuals can enroll in these services until March 10, 2026.

If you receive notification from Sapp Bros. or your provider about this breach, you may want to:

• Sign up for the free IDX identity theft protection services, offered by Sapp Bros.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.