CWT Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating CWT Travel Holdings, Inc. regarding its recent data breach. The CWT data breach involved sensitive personal identifiable information belonging to over 2,700 individuals.


CWT is a travel management company specializing in business travel and meeting organization. Founded in 1994, CWT partners with businesses to offer services including leisure and business travel arrangements, meetings and events, and digital business travel. Additionally, CWT specializes in B2B4E, or “business to business for employees” travel.2 Headquartered in Minnetonka, Minnesota, CWT is one of the leading travel agencies in the country. In fact, CWT boasts 151 years of history in the travel industry, with its company origins tracing back to 1872. With a presence in nearly 140 countries, CWT employs approximately 18,000 people and boasts an annual revenue of $1.5 billion.3


On August 2, 2023, CWT discovered that it had experienced a data breach in which the sensitive personal identifiable information in its systems may have been accessed. Through its investigation, CWT determined that an unauthorized actor may have accessed this sensitive information through a vulnerability in the MOVEit file sharing platform between May 28 and May 29, 2023. On September 22, 2023, CWT began contacting individuals whose information may have been impacted. The type of information exposed includes:

  • Name
  • Social Security number

If you received a breach notification letter from CWT Travel Holdings, Inc.:

We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at (608) 237-1775 or

If you were impacted by the CWT data breach, you may consider taking the following steps to protect your personal information.

  1. Carefully review the breach notice and retain a copy;
  2. Enroll in free credit monitoring service provided by CWT Travel Holdings, Inc.;
  3. Change passwords and security questions for online accounts;
  4. Regularly review account statements for signs of fraud or unauthorized activity;
  5. Monitor credit reports for signs of identity theft; and
  6. Contact a credit bureau(s) to request a temporary fraud alert.

Share This Post: