Red Roof Inns Responsible for September 2023 Data Breach, Class Action Claims

New to ClassAction.org? Read our Newswire Disclaimer

Red Roof Inns, Inc. faces a proposed class action over a September 2023 data breach that reportedly affected at least 27,327 individuals, including current and former employees and applicants.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 35-page lawsuit alleges the economy hotel chain failed to implement “basic” data security measures, resulting in the unauthorized access of employees’ and applicants’ private information between September 21 and September 23 of this year.

According to the case, the Red Roof data breach compromised victims’ names, dates of birth, Social Security numbers, driver's license numbers, passport numbers, financial account numbers, credit and/or debit card numbers, medical information and health insurance details.

The complaint says that although the defendant “knew or should have known” that its computer network would be targeted by hackers in light of the considerable increase in data breaches against employers in recent years, Red Roof neglected to take the necessary precautions to safeguard the highly sensitive data it collects as part of its business operations.

Moreover, the case says that Red Roof’s negligence has exposed affected individuals to an “imminent, immediate, and continuing” risk of identity theft and fraud. Victims must now spend a significant amount of time, energy and money to protect themselves from the potential misuse of their information, the filing says.

The complaint further charges that the company failed to provide impacted employees and applicants with timely and adequate notice of the incident. Red Roof’s December 8 notice letter—which was sent over two months after the hotel chain claims to have discovered the breach on September 23—offers no assurance that all personal data or copies thereof have been recovered or destroyed, or that the company has since upgraded its cybersecurity practices to prevent a future breach, the complaint says.

“As a direct and proximate result of Red Roof’s actions and inactions, Plaintiff and Class Members have suffered a loss of privacy and have suffered cognizable harm, including an imminent and substantial future risk of harm,” the case summarizes.

The lawsuit looks to represent anyone in the United States who was impacted by the data breach experienced by Red Roof Inns, Inc., including all who were sent a notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.