Nobu Restaurants Breach Exposes SSNs, Passports, and Health Data of 280 Texans

**TL;DR:** Nobu Restaurants disclosed a breach affecting 280 Texas residents after Akira ransomware claimed to have stolen 71 GB of data in November 2025. Exposed information includes names, Social Security numbers, passports, health insurance details, and payment card data.

## Context Nobu Restaurant Group Holding Company LLC operates the upscale Japanese restaurant chain worldwide. On April 17, 2026, the company filed a breach notice with the Texas Attorney General, confirming that 280 Texas residents had their personal data compromised. The disclosure followed a claim made on November 5, 2025, by the Akira ransomware group on a Tor‑hidden site, where they asserted they had exfiltrated 71 gigabytes of Nobu’s internal files.

## Key Facts The compromised data set contains names, Social Security numbers, driver’s license numbers, passport numbers, state identification numbers, credit and debit card numbers, and protected health information such as medical records and health insurance details. Akira’s claim of 71 GB aligns with the volume of sensitive files typically taken in double‑extortion ransomware attacks.

Although Nobu has not disclosed the exact intrusion method, Akira’s known tactics include phishing emails (T1566), abuse of valid credentials (T1078), lateral movement via remote services, and large‑scale data exfiltration before encryption (T1041, T1486). The group frequently exploits unpatched VPN appliances (e.g., CVE‑2023‑27997) to gain initial foothold.

## What It Means For the 280 affected Texans, the breach raises immediate risks of identity theft, fraudulent financial transactions, and medical‑insurance abuse. Nobu has begun notifying victims by U.S. Mail and advises recipients to monitor accounts, place fraud alerts, and consider credit freezes. Regulatory scrutiny from the Texas Attorney General may lead to fines or mandated security upgrades, while the public disclosure could affect Nobu’s brand reputation and customer trust.

## Mitigations Organizations should enforce multi‑factor authentication on all remote access points and patch VPN and firewall appliances against known vulnerabilities such as CVE‑2023‑27997. They should disable unnecessary SMBv1 and RDP exposure, deploy endpoint detection and response tools to flag credential dumping and unusual outbound traffic, and implement network segmentation to limit lateral movement. Maintaining offline, encrypted backups tested for restore and monitoring dark‑web leak sites for Akira‑related posts are also critical.

## What to Watch Next Watch for any further data releases by Akira on leak sites, updates from the Texas Attorney General’s investigation, and Nobu’s post‑breach security remediation announcements.