JC Resorts Data Breach Lawsuit Investigation, April 2026 Notices
Received an April 2026 breach notice from JC Resorts?
Dapeer Law, P.A. is investigating a potential class action against JC Resorts LLC, a California hospitality operator that runs hotels, golf courses, and vacation properties, on behalf of guests, employees, and other individuals whose personal information may have been copied from the company's network during a January 2026 cyber intrusion.
Who may qualify
You may be eligible to participate in a class action if any of the following applies:
- You received a data breach notification letter from JC Resorts dated on or about April 28, 2026.
- You enrolled, or plan to enroll, in the complimentary 24-month Experian credit monitoring and identity protection services using the activation code printed in your letter.
- You stayed at, made a reservation with, or otherwise had personal information held by a JC Resorts hotel, golf course, or vacation property at any time before the January 2026 incident, including guests, loyalty program members, employees, contractors, and vendors.
- No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
- Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.
Not sure if you qualify?
Send us your notice, we'll confirm your eligibility at no cost.
What happened
On April 28, 2026, JC Resorts LLC filed a notice of data event with the California Office of the Attorney General disclosing that an outside actor viewed and copied files stored on its computer network. According to the company's notice, JC Resorts detected unauthorized activity on its network, immediately engaged outside cybersecurity specialists, and worked with the specialists to investigate the scope of the incident. The forensic investigation determined that on January 19, 2026, an unauthorized actor accessed and copied certain files from the network. JC Resorts has described the unauthorized activity as a single-day event and reports that it has restored system functionality and implemented additional safeguards.
After containing the incident, JC Resorts launched a thorough review of the affected files to determine what specific information had been involved and to identify the individuals associated with that information. The company's review confirmed that affected files included names along with additional categories of personal information enumerated in each recipient's individual notice letter. JC Resorts is offering 24 months of complimentary credit monitoring and identity protection services through Experian to every individual who receives a notification letter, and states that it has no evidence at this time that any of the impacted information has been used to commit identity theft or fraud. The notice does not specify the total number of individuals impacted.
Roughly three months passed between the January 19, 2026 intrusion and the April 28, 2026 notice filing. Several state breach notification statutes and consumer protection laws require timely notice to affected residents, often within 30 to 60 days of discovery. Because JC Resorts operates hotels, golf courses, and vacation properties across California, the affected files may include data common to hospitality reservations such as contact details, identification information, loyalty program records, and payment information stored on file. Dapeer Law is evaluating whether the multi-month notification delay, the company's decision to itemize categories only in individual letters rather than the public notice, and the security controls in place at the time of the intrusion support class claims for negligence, breach of implied contract, and statutory violations on behalf of guests, employees, vendors, and any other individuals whose data was held on the affected systems.
What to do if you received a letter
Keep your notice letter
Do not discard it. Your letter contains the activation code you will need to enroll in the complimentary Experian credit monitoring and identity protection services, and it is important evidence if you decide to participate in a lawsuit.
Activate the complimentary 24-month Experian credit monitoring
Use the activation code printed in your notice to enroll in the credit monitoring and identity protection services offered through Experian. Enroll before the deadline printed in your letter. Accepting this benefit does not waive your right to pursue legal action.
Place a fraud alert or credit freeze
Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's identity theft recovery guide. Because the categories of data involved are itemized in individual letters rather than the public notice, also review your bank, credit card, and any JC Resorts loyalty program or reservation account statements regularly, set up real-time transaction alerts, and watch for unfamiliar new accounts opened in your name.
Speak with a data breach attorney
Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options under California's Customer Records Act and Consumer Privacy Act and other state breach notification, consumer protection, and unfair-trade-practice laws, and advise whether you may be eligible to join a class action.
Submit your notice for a free review
Two minutes online. A licensed attorney reviews every submission.
Breach timeline
Compensation you may be entitled to
Out-of-pocket expenses
Credit freezes, identity restoration services, and other costs incurred responding to the breach.
Time spent monitoring
Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.
Identity theft & fraud losses
Unreimbursed funds stolen from accounts, unauthorized credit lines, fraudulent loyalty point redemptions, or tax refund fraud tied to the breach.
Statutory damages
Certain state data breach and consumer protection statutes, including the California Consumer Privacy Act, provide for fixed damages regardless of actual loss.
Injunctive relief
Court orders requiring JC Resorts to implement stronger network security, encryption, and access controls so that guest, employee, and vendor data is better protected against future intrusions.
Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.
Common questions
I received a data breach letter from JC Resorts. What should I do? +
Keep the original notice letter, since it contains the activation code for the complimentary 24-month Experian credit monitoring and identity protection services and is important evidence if you choose to pursue legal action. Enroll in the offered credit monitoring before the deadline printed in your letter, place a fraud alert or freeze with Equifax, Experian, and TransUnion, watch your bank, credit card, and any JC Resorts loyalty or reservation accounts for unfamiliar activity, and contact a data breach attorney for a free, confidential review of your options.
Am I eligible to join a class action against JC Resorts? +
You may qualify if you received a JC Resorts breach notification letter dated on or about April 28, 2026, or if your personal information was held by a JC Resorts hotel, golf course, or vacation property at the time of the January 19, 2026 incident. Eligibility depends on the state where you live, the categories of data exposed in your individual letter, and any documented losses or out-of-pocket expenses you have incurred. Dapeer Law evaluates eligibility at no cost.
How much money could I receive from a class action lawsuit? +
Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. No payout is guaranteed, and this investigation has not yet resulted in a settlement.
What personal information was exposed in the breach? +
JC Resorts' notice to the California Attorney General confirms that affected files included individuals' names along with additional categories of personal information specified in each recipient's individual letter. Because JC Resorts operates hotels, golf courses, and vacation properties, the affected files may include data common to hospitality reservations such as contact information, identification details, loyalty program records, and payment information stored on file. Check the data categories listed on your specific notice letter for the categories that apply to you.
Did JC Resorts offer free credit monitoring? +
Yes. JC Resorts is offering 24 months of complimentary credit monitoring and identity protection services through Experian to every individual who receives a notification letter. Enroll before the deadline printed in your letter using the activation code provided. Enrolling does not waive your right to participate in a class action.
How many people were affected by the JC Resorts breach? +
JC Resorts' notice to the California Attorney General does not specify the total number of individuals impacted. The figure may be reported separately to other state regulators depending on the residency of affected individuals. This page will be updated as more information becomes public.
Is there a deadline to take legal action? +
Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.
How do I get a copy of the official breach notice? +
JC Resorts filed its notice of data event with the California Office of the Attorney General. The PDF is publicly available on the California Attorney General's data breach reporting portal at oag.ca.gov. If you need help locating the document or interpreting the data categories listed in your individual letter, Dapeer Law can review the filing with you at no cost.
Sources & references
- Official breach notice filing · California Office of the Attorney General, JC Resorts LLC Notice of Data Event (PDF)
- Defendant · JC Resorts LLC (jcresorts.com)
- Credit bureau freezes · Equifax · Experian · TransUnion
- Free weekly credit reports · AnnualCreditReport.com
- Identity theft recovery guide · FTC consumer identity theft guide
Don't let the deadline decide for you. Submit your claim today.
You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.
