What Happened in the Windward Life Care Data Breach?
Windward Life Care, a San Diego-based company that provides aging life care management and in-home caregiving services, has confirmed a data breach affecting sensitive personal information. The company discovered unusual activity within its network environment on or about Dec. 8, 2025. This discovery prompted an immediate internal review to understand the scope of the incident.
According to the investigation, unauthorized activity in the network is believed to have started on that same date, Dec. 8, 2025. As a result, Windward Life Care retained legal counsel and third-party forensic specialists to examine what happened. The Windward Life Care data breach later became public when a ransomware group calling itself Sinobi posted a claim on the dark web on Jan. 5, 2026.
Sinobi claimed to have obtained 25 gigabytes of data from Windward Life Care, including customer records, incident reports and contracts. The group also threatened to publish the stolen files within nine to 10 days unless demands were met. Because of this threat, the company moved quickly to assess exactly what information had been affected.
Following the forensic investigation, Windward Life Care determined that an unauthorized individual may have viewed or copied certain files. The company then began a detailed review of the compromised data to identify specific individuals impacted. This review concluded on April 6, 2026, allowing the company to finalize its notification process shortly after.
Who was affected?
The Windward Life Care data breach may affect current and former clients, patients and possibly employees connected to the company’s caregiving and home health nursing services. Since Windward Life Care specializes in care for older and disabled adults, many of the affected individuals are likely part of a vulnerable population that depends on consistent, trustworthy support.
At this time, the exact number of people affected has not been publicly disclosed. However, the breach was reported to attorneys general in California, Maine, New Hampshire and Vermont, suggesting the impact extends across multiple states. Because Windward Life Care provides services to elderly and disabled clients, some affected individuals may need extra help navigating the recommended protective steps.
What Information Was Potentially Exposed?
The data compromised in this breach includes a wide mix of personal and health-related information. This combination raises the risk level significantly, since the exposed categories go well beyond basic contact details.
- Full names
- Social Security numbers
- Driver’s license numbers
- Taxpayer identification numbers
- Passport information
- Patient identification numbers
- Personal identification numbers
- Financial account numbers
- Debit or credit card numbers
- Home addresses
- Handwriting or electronic signatures
- Medical information
- Health insurance information
- Usernames and email addresses
- Other account access information
Given this range of data, affected individuals face a heightened risk of identity theft and financial fraud. For example, Social Security numbers combined with driver’s license numbers can allow criminals to open new credit accounts or file fraudulent tax returns. In addition, exposed financial account and card numbers could lead directly to unauthorized charges or drained accounts.
Beyond financial harm, the exposure of medical information and health insurance details creates the possibility of medical identity theft. This means someone could use stolen health data to receive treatment, obtain prescriptions or submit fraudulent insurance claims under another person’s name. Because passport information was also involved, some individuals may face risks tied to international identity fraud as well.
What is the company doing?
After discovering the breach, Windward Life Care acted by launching a forensic investigation with the help of outside cybersecurity specialists. This step allowed the company to determine what data was accessed and how the intrusion occurred. As a result, the company was able to notify affected individuals once its review was complete.
To help reduce harm, Windward Life Care is now offering at least 12 months of complimentary single-bureau credit monitoring, credit report access, credit score tracking and identity theft restoration services through Cyberscout, a TransUnion company. The company is also providing proactive fraud assistance for anyone with questions or concerns. Affected individuals can enroll using the unique code included in their notification letter, though enrollment must be completed within 90 days of that letter’s date.
In addition, Windward Life Care has set up a dedicated assistance line to answer questions about the breach. The line operates Monday through Friday from 8 a.m. to 8 p.m. Eastern Time, excluding major U.S. holidays. Individuals calling for help should have their notification letter available, since it contains the specific enrollment code needed for the protective services.
What Should Affected Individuals Do?
Monitor Your Credit Reports
Anyone affected by the Windward Life Care data breach should regularly review their credit reports for signs of fraud. Because Social Security numbers and financial data were exposed, new accounts could appear without warning.
You can request free credit reports through AnnualCreditReport.com. Checking these reports often makes it easier to catch unfamiliar accounts or inquiries before they cause lasting financial damage.
Consider a Credit Freeze or Fraud Alert
Because Social Security numbers, driver’s license numbers and financial account information were involved, placing a credit freeze or fraud alert is a smart precaution. This step can prevent criminals from opening new credit lines using your identity.
You can contact Equifax, Experian and TransUnion directly to set this up. A credit freeze restricts access to your credit file, while a fraud alert requires lenders to verify your identity before approving new credit.
Protect Your Medical and Health Insurance Information
Since medical information and health insurance details were exposed, it’s important to review insurance statements closely. Unfamiliar charges or services could indicate medical identity theft.
If you notice anything suspicious, contact your health insurance provider immediately. Catching fraudulent claims early can help prevent complications with your actual medical records and coverage.
Watch for Phishing and Passport-Related Fraud
Scammers often use news of a data breach to craft convincing phishing messages. As a result, you should be cautious of any calls, emails or texts referencing Windward Life Care or this breach specifically.
If your passport information was included in the exposed data, consider contacting the U.S. Department of State about replacement options. This precaution can help reduce the risk of someone using your passport details for fraudulent purposes.
Enroll in the Free Identity Protection Services
Windward Life Care is offering complimentary credit monitoring and identity theft restoration through Cyberscout. Taking advantage of this offer can provide an added layer of protection while you monitor your accounts.
To enroll, visit the Cyberscout activation page and enter the code from your notification letter. Remember that enrollment must be completed within 90 days, so acting quickly is important.
More Information
Official Notice from Windwardlifecare
Official State Attorney General Notification
Official Data Breach Notification Letter (PDF)
Official Notice from Annualcreditreport
