Strauss Borrelli PLLC, a leading data breach law firm, is investigating Soapy Joe’s Car Wash (“Soapy Joe’s”) regarding its recent data breach. The Soapy Joe’s data breach involved sensitive personal information belonging to an undetermined number of individuals.
ABOUT SOAPY JOE’S CAR WASH:
Soapy Joe’s is a car wash company based in California. Founded in 2011, Soapy Joe’s provides a range of car wash services, including washes, water protection, car waxes, vacuuming, air fresheners, and more.2,3 Headquartered in Santee, California, Soapy Joe’s employs over 500 individuals and operates more than 20 locations.2,3
WHAT HAPPENED?
Recently, Soapy Joe’s reported to the Attorney General of California that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised. According to the breach notice, on October 6, 2025, Soapy Joe’s became aware of unusual activity involving a limited portion of its corporate network.1 As a result, Soapy Joe’s launched an investigation to determine the nature of the incident.
Through its investigation, Soapy Joe’s confirmed that sensitive personal information in its care may have been accessed and acquired by an unauthorized third party during the breach. As a result, Soapy Joe’s began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. The exact type of personal information potentially exposed has not been made publicly available by Soapy Joe’s. However, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license number, California identification card number, tax identification number, passport number, military identification number, or other unique identification number issued on a government document
- Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account
- Medical information
- Health insurance information
- Unique biometric data such as a fingerprint, retina, or iris image, used to authenticate a specific individual
- Information or data collected through the use or operation of an automated license plate recognition system
- Genetic data
On December 29, 2025, Soapy Joe’s began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to California residents, Soapy Joe’s is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification letters that Soapy Joe’s filed with the Attorney General of California is below.
If you received a breach notification letter from Soapy Joe’s Car Wash:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
