Morning Star Tours Data Breach Investigation
Morning Star Tours has reported a data incident that may have involved sensitive personal information. According to public filings, the matter relates to activity reported on April 22 and April 23, 2026, and notice materials were later provided to regulators. If you received a notice letter, you should review it carefully and take steps to protect your identity and financial accounts. You can also fill out the form on this page to contact Strauss Borrelli PLLC and see whether you may qualify for a claim.
Morning Star Tours is identified in public filings as a Texas-based organization in the religious institution sector. Publicly available details are limited, so the information below is drawn from regulatory filings and notice materials. If you received a letter about this matter, reviewing the reported data elements and taking protective steps promptly is a sensible next step.
Key Facts at a Glance
- Organization: Morning Star Tours
- Industry: Religious institution
- Location: Texas
- Incident type: Reported Hacking/IT Incident
- Reported incident dates: April 22-23, 2026
- Notice/report date: May 31, 2026, according to the California Attorney General listing
- Public listing date: June 1, 2026
- Individuals affected: 18,997
- Information reported as involved: Name, Social Security number, date of birth, and passport number
- Regulatory context: Public materials indicate reporting associated with California and state attorney general filings in Texas and Vermont
What Happened?
According to a California Attorney General breach listing, the company reported a data security matter classified as a hacking/IT incident. The listing identifies April 22 and April 23, 2026, as the reported date range and shows a report date of May 31, 2026.
At this time, the publicly accessible record appears limited. The available filing does not clearly explain how the activity was discovered, how long unauthorized access may have lasted, or whether any particular system was encrypted or restored before notice was sent. Because those details may change as an investigation continues, affected individuals should rely on the notice they received and any later updates from the organization or regulators.
What Information Was Exposed?
Regulatory data indicates the personal information reported as involved may have included:
- Name
- Social Security number
- Date of birth
- Passport number
These data points can be sensitive because they may be used for identity theft, account fraud, tax-related misuse, or attempts to open new accounts in someone else's name. If your Social Security number or passport number was listed in your letter, it is wise to take the notice seriously even if you have not seen fraud yet.
What Should You Do Next?
- Read your notice carefully. Confirm what information was listed for you, when the organization says the incident occurred, and whether any free credit monitoring or identity protection was offered.
- Check your credit and consider stronger protections. Review your reports at AnnualCreditReport.com. If highly sensitive data was involved, consider placing a fraud alert or a security freeze with the major credit bureaus.
- Monitor financial and government-related activity. Watch bank accounts, credit card statements, insurance communications, and tax records for unfamiliar activity. If something looks wrong, report it promptly.
- Document everything. Keep the notice letter, screenshots, account statements, and a timeline of any suspicious events. Good records can help if problems surface later.
- Report identity theft quickly if it happens. The FTC's IdentityTheft.gov can help you create a recovery plan and documentation if you notice misuse of your information.
- Ask about your options. If you received a notice and want to understand whether you may have a claim, you can fill out the form on this page to contact Strauss Borrelli PLLC.
Your Legal Rights
People affected by a reported data incident may have legal rights, but those rights depend on the facts, the notice language, and the laws of the state involved. In some situations, individuals may be able to seek reimbursement for certain out-of-pocket losses, time spent responding to fraud, or other damages if unreasonable data security practices are later shown.
You may also have the right to receive timely notice, clear information about the categories of data involved, and details about any protective services being offered. A lawyer can help evaluate whether the known facts support a claim and what documentation may be useful, without requiring you to make assumptions about the case on your own.
Why Hire Strauss Borrelli PLLC?
Strauss Borrelli PLLC represents individuals in data breach and privacy incident matters and understands how to analyze notice letters, regulator filings, and the practical harms that can follow identity-data exposure. Our team aims to explain the process in plain language, investigate whether the facts support legal claims, and help clients pursue accountability when appropriate.
If you received notice about this reported incident and want to understand your options, contact Strauss Borrelli PLLC for a free, no-obligation review.
If you received a breach notification letter from Morning Star Tours:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
