Windward Life Care Data Breach: 25GB of Data Stolen

Windward Life Care, a San Diego-based company that provides aging life care management, in-home caregiving and private home health nursing for older and disabled adults, has disclosed a data breach.

Windward Life Care discovered the breach on Dec. 8, 2025. Notification letters to affected individuals were sent on April 10, 2026.

The breach was reported to the attorneys general of California and New Hampshire. At this time, it is undisclosed how many total people are affected as a result of the breach.

What happened in the Windward Life Care data breach

Windward Life Care became aware of unusual activity in its network environment on or about Dec. 8, 2025. The company began an investigation and retained legal counsel and third-party forensic specialists to examine the suspicious activity.

That investigation found that certain information may have been viewed or copied by an unauthorized individual. The unauthorized activity is believed to have started on Dec. 8, 2025.

On Jan. 5, 2026, a ransomware group known as Sinobi posted a claim on the Tor network stating it had obtained 25 gigabytes of Windward Life Care's data. The group claimed the compromised information included customer data, incident records and contracts. Sinobi also threatened to publish the data within nine to 10 days.

Windward Life Care began a comprehensive review of the affected data to determine what personal information was impacted and to whom it related, which concluded on April 6, 2026.

The types of information potentially exposed in this breach include both personally identifiable information and protected health information including names, Social Security numbers, driver's license numbers, taxpayer identification numbers, passport information, patient identification numbers, personal identification numbers, financial account numbers, debit or credit card numbers, addresses, handwriting or electronic signatures, medical information, health insurance information, user names, email addresses and other account holder identifying information and access information.

Windward Life Care's response to the breach

Windward Life Care is offering affected individuals at least 12 months of complimentary single-bureau credit monitoring, credit report, credit score and identity theft restoration services through Cyberscout, a TransUnion company. The company is also providing proactive fraud assistance to help with questions or in the event someone becomes a victim of fraud.

To enroll, affected individuals can visit the Cyberscout activation page and enter the unique code provided in their notification letter. Enrollment must be completed within 90 days of the letter date.

Windward Life Care has also set up a dedicated assistance line at 1-833-289-6231, available Monday through Friday from 8 a.m. to 8 p.m. Eastern Time, excluding major U.S. holidays. Affected individuals are encouraged to have their notification letter ready when calling.

Steps to take if your information was exposed

• Place a credit freeze or fraud alert with all three major credit bureaus, Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-800-916-8800), to help prevent unauthorized accounts from being opened.
• Review credit reports by requesting free copies at AnnualCreditReport.com and checking for any unfamiliar accounts or inquiries.
• Monitor financial accounts and statements closely for any unauthorized transactions, and report suspicious activity to the relevant financial institution right away.
• Watch for phishing attempts that reference Windward Life Care or this data breach by name, as scammers sometimes use breach notifications to trick people into sharing more personal information.
• Consider a passport replacement by contacting the U.S. Department of State if passport information was included in the exposed data, as compromised passport details could be used for identity fraud.
• Review health insurance statements for unfamiliar medical charges or services, as medical records and health insurance details were among the data types potentially exposed in this breach.