Heritage Communities, a senior living company operating 19 facilities across Nebraska, Iowa, Arizona, and Texas, suffered a network intrusion on September 16, 2025, attributed to the hacking group *Worldleaks*. The breach exposed sensitive personally identifiable information (PII) and protected health information (PHI) of current and former residents, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial data, medical records, and health insurance details. The leaked data was posted on the Tor network, with the company confirming unauthorized access to corporate systems. While the exact scope varies per individual, the incident poses significant risks of identity theft, financial fraud, and medical privacy violations. Heritage Communities secured its network and launched a forensic investigation, notifying affected individuals in late October 2025. Legal firms are pursuing class-action lawsuits for compensation, citing failures in data safeguarding.
Source: https://www.claimdepot.com/investigations/heritage-communities-data-breach-2025
Heritage Communities cybersecurity rating report: https://www.rankiteo.com/company/heritage-communities
"id": "HER0912309112525",
"linkid": "heritage-communities",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Current and former residents '
'(number unspecified)',
'industry': 'Healthcare / Senior Living',
'location': 'Omaha, Nebraska (operates in Nebraska, '
'Iowa, Arizona, Texas)',
'name': 'Heritage Communities (Heritage Holdings LP)',
'size': '19 senior living communities',
'type': 'Senior Living Company'},
{'name': 'Orchard Pointe'},
{'name': 'OnCare Health'}],
'customer_advisories': ['Review and save notification letters',
'Enroll in credit monitoring services if offered',
'Monitor accounts for suspicious activity',
'Contact financial institutions for unauthorized '
'transactions',
'Consider fraud alerts and credit reports'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': ['Name',
'Address',
'Date of birth',
'Phone number',
"Driver's license "
'number',
'Social Security '
'number',
'Financial '
'information',
'Health insurance '
'information'],
'sensitivity_of_data': 'High (includes SSN, medical, and '
'financial data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-09-16',
'date_publicly_disclosed': '2025-10-09',
'description': 'Heritage Communities, a senior living company, experienced a '
'network intrusion on or around Sept. 16, 2025. The hacking '
"group 'Worldleaks' claimed responsibility and leaked "
'corporate data, including PII and PHI of current and former '
'residents. The company secured its network and launched an '
'investigation with third-party forensic experts. Affected '
'individuals may be eligible for compensation under data '
'breach laws.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive resident data',
'data_compromised': ['Name',
'Address',
'Date of birth',
'Phone number',
"Driver's license number",
'Social Security number',
'Financial information',
'Medical information',
'Health insurance information'],
'identity_theft_risk': 'High (PII and PHI exposed)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'from affected individuals',
'payment_information_risk': 'Moderate (financial information '
'exposed)',
'systems_affected': 'Limited number of systems'},
'initial_access_broker': {'data_sold_on_dark_web': 'Alleged by Worldleaks '
'(data leaked on Tor '
'network)',
'high_value_targets': 'PII and PHI of residents'},
'investigation_status': 'Ongoing (third-party forensic investigation in '
'progress)',
'ransomware': {'data_exfiltration': True},
'recommendations': ['Enroll in free credit monitoring and identity protection '
'services if offered',
'Monitor financial statements for suspicious activity',
'Place a fraud alert with credit bureaus',
'Request free annual credit reports',
'Seek legal counsel for compensation claims'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-10-28',
'source': 'Heritage Communities Data Security Incident '
'Notification (website)'},
{'date_accessed': '2025-10-09',
'source': 'Worldleaks Tor Network Post'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuits '
'(investigation by Shamis & '
'Gentile P.A.)',
'regulatory_notifications': 'Notifications to '
'affected individuals '
'as required by law '
'(pending)'},
'response': {'communication_strategy': ['Public disclosure on Tor network by '
'threat actor (2025-10-09)',
'Notification of data security '
'incident published on company '
'website (2025-10-28)',
'Direct notifications to affected '
'individuals (pending completion of '
'analysis)'],
'containment_measures': 'Network secured promptly after '
'detection',
'incident_response_plan_activated': True,
'third_party_assistance': 'Forensic experts engaged for '
'investigation'},
'stakeholder_advisories': 'Pending completion of analysis and legal '
'requirements',
'threat_actor': 'Worldleaks',
'title': 'Heritage Communities Data Breach',
'type': 'Data Breach / Network Intrusion'}