Melwood discloses data breach following a ransomware attack

On Jan. 26, 2026, Melwood, a leading nonprofit in the individual and family services sector serving people with disabilities, disclosed a data breach impacting its computer network.

According to a notice filed with the Vermont Attorney General, the incident occurred between Aug. 9 and Aug. 17, 2025, when an unauthorized cyber actor accessed and copied files from a portion of Melwood’s network without permission. During this period, the Sinobi ransomware group claimed responsibility for the attack, stating on Sept. 8, 2025, via a posting on the Tor network, that they had obtained sensitive organizational data.

The notice to consumers indicates that the files reviewed contained names and additional unspecified information, which could include Social Security numbers, addresses, or other sensitive PII data, though the exact data types were not detailed in the public disclosure.

While Melwood has not specified the exact number of individuals affected, the organization’s annual service to more than 3,000 people and employment of over 1,600 staff suggest the potential for widespread impact.

The incident was first acknowledged by Melwood on its website, which has since been removed. The company also sent formal notices to affected individuals.

Melwood's response

In response to the breach, Melwood secured its computer network and began a thorough review of the compromised files to determine the scope of the incident and identify affected individuals.

For affected individuals, Melwood has set up complimentary identity monitoring and credit monitoring services through Cyberscout, a TransUnion company. These services are available for 12 months from the date of enrollment and include credit file change alerts, credit reports, credit scores, and proactive fraud assistance.

Impacted individuals must enroll within 90 days of receiving their notification letter.

Melwood has also provided guidance on protecting personal information, including instructions on how to monitor credit reports, place fraud alerts or credit freezes, and contact consumer reporting agencies and the Federal Trade Commission. The organization is evaluating additional technical safeguards and reviewing staff training and supervision practices to reduce the risk of future incidents.

Affected individuals are strongly encouraged to take advantage of the free identity monitoring, remain vigilant by reviewing account statements and credit reports, and consider placing a fraud alert or credit freeze on their credit files.

Anyone with questions about the breach can contact Melwood’s dedicated assistance line at 1-833-925-1449, Monday through Friday, from 8 a.m. to 8 p.m. Eastern Time.