The Historic Thayer Hotel (“Thayer,” “we,” “our,” or “us”) is providing notice of an event that may have impacted the personal information of certain individuals. The privacy and security of the personal information we maintain is of the utmost importance to us, and we are providing this notice with details about the incident, our response, and resources available to individuals to help protect their information.
What Happened. On September 19, 2025, we experienced unauthorized access to our computer systems. Upon discovery, we immediately took steps to (i) recover from the event, including restoring our own access to our systems, (ii) secure our systems against similar events, and (iii) notify law enforcement. This occupied the time of our entire IT staff for several days. Once access to our systems was restored, we launched an investigation with the assistance of third-party forensic specialists and cybersecurity professionals into the nature and scope of the activity. This included analyzing voluminous data to determine the scope of the event and to identify individuals whose personal information may have been impacted and the nature of any such impacted information. The investigation was complex and time-consuming. On or about October 17, 2025, we were able to preliminarily determine the names of individuals residing in the United States whose information was impacted and the location of those individuals. The investigation was completed for individuals residing in the United States on October 17, 2025.
What Information Was Involved. The investigation determined that the information exposed includes individual’s names in combination with one or more of the following data elements: driver’s license number, passport number, date of birth, and/or state identification card number. A very small number of individuals may have also had their Social Security number impacted.
What We Are Doing. We take this incident very seriously. In addition to the above, we are notifying affected individuals and providing resources to help protect their information. We are also notifying appropriate regulators and others as required by governing law. As of the date of this notice, we are not aware of any identity theft or fraud occurring as a result of this event.
Out of an abundance of caution, we have secured the services of Kroll Security to provide credit monitoring services where appropriate at no cost to affected individuals for twelve (12) months.
We are committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. We are in the process of implementing additional safety measures to prevent a recurrence of such an incident and to protect the privacy of personal information that we maintain. We also continually evaluate and modify our practices and internal controls to enhance the security and privacy of personal information that we maintain.
