Red Roof confirmed that the organization experienced a data breach in late September of 2023. 

On September 23, 2023, Red Roof detected suspicious activity within its systems. The activity was soon identified as bearing the hallmarks of a ransomware attack, including the encryption of a limited subset of Red Roof data.

Red Roof's investigation found that an unauthorized actor gained access to a number of Red Roof's systems before deploying ransomware. The investigation was also able to confirm that a limited amount of data was copied from Red Roof's network. There is currently no indication that any Information has been misused for identity theft or fraud in connection with this Incident.

The breach did not involve any Red Roof guest data. Red Roof determined that the categories of personal information in the copied data included, but were limited to, name, date of birth, social security number, driver's license number, passport number, financial account number, credit and/or debit card number, medical information and health insurance information.