Toast Inc. Data Breach Exposes Restaurant Employee Info

Published

September 8, 2025

Updated

September 8, 2025

Toast

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

Toast Inc., a provider of point-of-sale systems and payroll software for thousands of restaurants, experienced a data breach. On or around July 16, 2025, Toast experienced unauthorized access to its payroll system, exposing the personal information of Wusong Road LLC employees.

Compromised employee information included names, addresses, Social Security numbers and bank account and routing numbers. According to Wusong Road LLC, Toast failed to respond to their client or take responsibility for the cybersecurity incident.

The total number of affected Toast restaurants and restaurant employees, has not been released. Wusong Road LLC took action and notified its affected employees by mail on July 21, 2025.

The data breach was also disclosed to the Massachusetts Attorney General's office and the New Hampshire Attorney General on Sept. 5, 2025. Affected individuals include 120 Massachusetts residents and one in New Hampshire.

Toast Inc and Wusong Road's response

In the wake of the breach and with no response from Toast, Wusong Road LLC took steps to protect its employees. The company locked down its Toast system, reset login credentials, required password changes across all services and activated multi-factor authentication.

Announcements and in-person meetings were held to walk staff through safety procedures, and employees were required to confirm their actions via email. To further secure payroll, Wusong Road LLC issued paper checks for the July 25 payroll while the safety of Toast’s direct deposit system was assessed.

If you believe your personal information may have been compromised in this breach:

Carefully review any notice or communication you receive from Toast Inc.
Monitor financial accounts and credit reports for signs of identity theft.
Consider placing fraud alerts or credit freezes with the major credit bureaus.
Be cautious of unsolicited emails or phone calls requesting personal information.

For more information about the restaurant services company, visit the Toast Inc. website.

Protect Your Data

A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.

This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.