
Pyramid Global Hospitality Breach
Sep 23, 2025
58,175 rows
What happened in the Pyramid Global Hospitality Breach?
DataBreach.com Team · September 28th 2025, 8:00 pm EDT
In late September 2025, Pyramid Global Hospitality, a Boston-based hotel and resort management company, was named on the data leak site of WorldLeaks, a ransomware group that evolved from Hunters International earlier in the year. The group claimed to have exfiltrated sensitive corporate and personnel records. Days later, leaked archives appeared online, and analysis by DataBreach.com confirmed that the cache contained a large volume of what is likely current and former employee personal information.
Our review of the files revealed 52,100 unique Social Security numbers, 48,800 home addresses, 58,200 unique email addresses, and 34,700 phone numbers. The presence of SSNs strongly suggests that the data belongs to current and former employees and contractors, rather than hotel guests.
Pyramid Global Hospitality manages more than 240 properties worldwide under brands including Benchmark Resorts & Hotels, with a corporate office at 30 Rowes Wharf, Boston, MA. With a workforce of over 15,000, the company is a significant player in the hospitality sector, making the exposure of HR and payroll data particularly impactful.
---
Breach Unveiled
- September 23, 2025: WorldLeaks adds Pyramid Global Hospitality to its leak site.
- September 25, 2025: Breach monitoring platforms begin listing the incident.
- Late September 2025: WorldLeaks posts data archives online. Independent parse confirms exposure of SSNs, home addresses, emails, and phone numbers.
- As of September 29, 2025: No consumer-notification letter yet appears on the Massachusetts Attorney General’s OCA portal, despite the company being headquartered in Boston.
---
Pyramid’s Response and Remediation
As of this writing, Pyramid has not issued a public statement on the WorldLeaks posting or the leaked data. There is no mention of the breach on the company’s corporate or Benchmark brand websites. Similarly, no disclosures have been filed with state attorneys general or federal regulators, which suggests that internal investigation and legal review may still be ongoing.
Class-action exposure is also highly likely. U.S. courts have consistently treated the theft of SSNs and home addresses from employer HR systems as sufficient to support standing in data-breach suits. Similar hospitality-sector cases (e.g., Marriott, Omni Hotels, and Hyatt) have drawn consolidated employee and consumer actions, often alleging negligence, breach of implied contract, and violations of state consumer-protection statutes. For Pyramid, with more than 50,000 SSNs exposed, plaintiffs’ firms will almost certainly file in federal court, and cases could be centralized via the Judicial Panel on Multidistrict Litigation if filings span multiple districts.
**
---
Impact on Employees
The exposure of SSNs, home addresses, and contact details puts current and former employees at high risk for identity theft, tax refund fraud, and unemployment-benefit fraud. Unlike guest-facing breaches common in the hospitality sector, this incident appears to center on HR, payroll, and corporate finance systems.
---
About the Threat Actor
WorldLeaks is a relatively new extortion-only outfit, descended from the Hunters International brand. Unlike traditional ransomware crews that encrypt systems, WorldLeaks focuses on stealing sensitive files and leveraging them for ransom. In 2025, the group has claimed responsibility for several high-profile breaches, including technology and defense contractors, consistently targeting repositories of HR and finance data.
---
What’s Next
The key questions now are:
- When Pyramid will notify employees and regulators.
- Whether additional archives will be released by WorldLeaks.
- How Pyramid will address the employee impact, given the exposure of tens of thousands of SSNs and addresses.










