Red Roof Provides Notice of Security Incident

Confirms that Incident did not Involve any Guest Data

NEW ALBANY, Ohio, Dec. 8, 2023 /PRNewswire/ — Red Roof confirmed today that they experienced a data incident on September 23, 2023 and issued notices to potentially-affected individuals and relevant state agencies about the incident.  

What Happened? 

On September 23, 2023, Red Roof detected suspicious activity within its systems and immediately began an investigation. The activity was soon identified as bearing the hallmarks of a ransomware attack, including the encryption of a limited subset of Red Roof data. Upon discovery, Red Roof immediately took the affected systems offline and began working to remedy the situation, including resetting passwords and reporting the situation to federal law enforcement. As a result of its incident response measures, Red Roof successfully confined the unauthorized access to only a small number of systems compared to its overall infrastructure.

Red Roof engaged leading data security professionals to support its investigation and response. Red Roof’s investigation found that an unauthorized actor gained access to a limited number of Red Roof’s systems before deploying ransomware. The investigation was also able to confirm that a limited amount of data was copied from Red Roof’s network. Accordingly, Red Roof analyzed the relevant data to confirm the identities of individuals whose information was potentially involved for the purpose of sending this notification. There is currently no indication that any Information has been misused for identity theft or fraud in connection with this Incident.

What Information Was Involved?  

Red Roof can confirm that the Incident did not involve any Red Roof guest data. Red Roof determined that the categories of personal information in the copied data included, but were limited to, name, date of birth, social security number, driver’s license number, passport number, financial account number, credit and/or debit card number, medical information, and health insurance information. Please note that the circumstances are different for each individual. This notice describes the general categories of information involved in the incident, and not every category applies to each individual. 

What Red Roof Is Doing. 

Upon becoming aware of the unauthorized activity, Red Roof immediately implemented measures to further improve the security of Red Roof’s information technology systems and practices, including implementing software and hardware to prevent, detect, and respond to unauthorized activity, resetting and strengthening passwords, implementing new risk management protocols, and adopting new network access policies. Red Roof worked with leading cybersecurity experts to aid its investigation and response, and Red Roof reported this incident to relevant government agencies and federal law enforcement.

Additionally, although Red Roof is not aware of any misuse of any affected individuals’ Information for identity theft or fraud in relation to the Incident, Red Roof is offering credit monitoring services free of charge to potentially affected individuals for 24 months. Towards that end, we secured the services of IDX, a ZeroFox Company, to provide identity monitoring services including Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.

What Individuals Can Do.

Red Roof encourages potentially affected individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring their free credit reports for suspicious activity and to detect errors. 

Potentially affected individuals can also enroll in the credit monitoring services that Red Roof is offering at no cost.  

Potentially affected individuals seeking additional information, including information about whether their Information was involved and their eligibility for complimentary credit monitoring, may call Red Roof’s toll-free assistance line at 1-888-566-6357, Monday through Friday from 9am– 9pm Eastern Time.

Other Important Information

Under U.S. law, individuals are entitled to 1 free credit report annually from each of the 3 major credit reporting bureaus. To obtain a free credit report, individuals may visit or call, toll-free, 1-877-322-8228. Alternatively, affected individuals can contact the 3 major credit reporting bureaus directly at the addresses below. 







Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069 

Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013 

TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016 

Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788 

Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013 

TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094 

Moreover, information regarding identity theft, fraud alerts, security freezes, and the steps an individual can take to protect personal information may be obtained by contacting the consumer reporting agencies, the Federal Trade Commission, or the appropriate state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580;; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. Individuals can obtain further Information on how to file such a complaint by calling 1-877-438-4338. Individuals should file a police report if they are a victim of identity theft or fraud. To file a report with law enforcement for identity theft, an individual will likely need to provide some proof that they have been a victim.


Originally published at
Images courtesy of