Westminster Village Greenwood Data Breach Exposes Sensitive PII and PHI

Westminster Village Greenwood Inc, a nonprofit senior living community in Greenwood, Indiana, has disclosed a data breach that exposed a wide range of sensitive personal and health information. The organization reported the incident to the Massachusetts Office of Consumer Affairs and Business Regulation and its website as a public notice on March 12, 2026.

So far, the breach has affected six Massachusetts residents.

How the breach unfolded

Westminster Village Greenwood experienced unauthorized access to its network on or about Feb. 12, 2025. Upon learning of the issue, the organization began an investigation with the help of external cybersecurity professionals.

The forensic team determined that an unauthorized actor may have accessed or acquired data from the company's systems. Westminster Village Greenwood then engaged a vendor to conduct a thorough manual review of the potentially affected files.

On Jan. 23, 2026, after completing both the forensic investigation and the manual document review, the company determined that certain files may have been accessed or acquired without authorization between on or about Feb. 11, 2025, and Feb. 17, 2025.

The breach potentially exposed a broad range of personally identifiable information (PII), including full names, addresses, dates of birth, Social Security numbers, driver's license numbers, passport numbers, financial account information and usernames and passwords.

Protected health information (PHI) was also involved, including medical record numbers, medical diagnoses, medical treatment information, medications, lab results and health insurance information.

What Now?

Westminster Village Greenwood is offering complimentary access to Experian IdentityWorks Credit 3B monitoring services.

The company has also established a dedicated toll-free response line for individuals with questions about the incident. The line is staffed Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays.

Affected individuals can also contact Experian's customer care team at 1-877-288-8057 for help with the monitoring service or identity restoration.

Place a credit freeze. A credit freeze is one of the most effective ways to prevent identity theft when Social Security numbers have been exposed. It blocks new credit accounts from being opened without explicit authorization. Individuals can place a free freeze by contacting Equifax at 888-298-0045, Experian at 888-397-3742 and TransUnion at 888-909-8872.

Set up a fraud alert. As an additional precaution, individuals can place a free one-year fraud alert on their credit files. A fraud alert requires creditors to take extra steps to verify identity before opening new accounts. Contacting any one of the three bureaus will automatically notify the other two.

Request an IRS Identity Protection PIN. With Social Security numbers potentially compromised, affected individuals should consider requesting an Identity Protection PIN from the IRS. This six-digit number helps prevent fraudulent tax returns from being filed in their name.

Monitor financial accounts closely. Because financial account information was exposed, individuals should review bank and credit card statements carefully for any unauthorized transactions. Suspicious activity should be reported to the financial institution right away.

Change passwords immediately. Usernames and passwords were among the data compromised in this breach. Affected individuals should change their passwords for any accounts that used the same or similar credentials. Enabling two-factor authentication wherever possible adds an important extra layer of security.

Review health insurance statements. Medical records, diagnoses, treatment information, medications, lab results and health insurance details were all potentially exposed. Individuals should carefully review their Explanation of Benefits statements for any services they did not receive. Unrecognized charges or claims could indicate medical identity theft and should be reported to the insurance company promptly.

Check credit reports regularly. Federal law entitles consumers to one free credit report every 12 months from each of the three major credit bureaus. These reports can be requested at AnnualCreditReport.com. Individuals should review them for unfamiliar accounts, inquiries or other signs of fraud.

Be cautious of phishing attempts. Scammers sometimes use data breach notifications to trick people into sharing more personal information. Individuals should be wary of any emails, phone calls or letters that reference this breach by name and ask for sensitive details.

Anyone who believes their information has been misused can file a complaint with the Federal Trade Commission by calling 1-877-438-4338. They may also file a police report with local law enforcement to document any suspected identity theft.