Nottingham Village Data Breach Impacts 7,919 Individuals: PII Exposed

Nottingham Village, a senior living and healthcare community in Northumberland, Pennsylvania, disclosed a data breach that affected 7,919 individuals in the United States.

Nottingham Village detected unauthorized access to its network on or about Nov. 9, 2025. An investigation into the incident determined that some of the company's files may have been accessed or removed by unauthorized individuals between Nov. 8, 2025, and Nov. 9, 2025.

Shortly after the initial breach, the Qilin ransomware group claimed responsibility for the attack. On Nov. 25, 2025, the group posted a claim on the Tor network, stating it had obtained 110 GB of the organization's data.

The investigation into the breach spanned several months as a thorough review of the potentially affected data was conducted.

The type of personal information exposed in the breach included first and last names, as well as additional undisclosed personal information.

The breach was disclosed to the Maine Attorney General on May 22, 2026. Nottingham Village notified affected consumers beginning on May 22, 2026.

Nottingham Village's response to the breach

Nottingham Village is offering affected individuals complimentary identity protection services through Iris Identity Protection at no cost.

The Iris Identity Protection services include credit monitoring from Equifax, identity monitoring, identity fraud insurance and identity resolution services. Affected individuals can enroll by visiting the Iris Identity Protection enrollment website and entering the promo code included in their notification letter. The deadline to enroll is 90 days from the date of the notification letter.

Nottingham Village has also set up a dedicated and confidential call center for individuals with questions about the incident. The response line is available for 90 days from the date of the notification letter, between 8 a.m. and 5 p.m. Central Time, Monday through Friday, excluding holidays.