Lynwood Manor

Lynwood Manor, a Michigan-based assisted-living facility, faced a 2021 data breach exposing the personal information of approximately 6,500 current and former employees. The breach resulted in a proposed class-action lawsuit, with plaintiff Jennifer Rodriguez alleging the company negligently failed to safeguard sensitive employee data. While the negligence claim was dismissed, the court upheld a breach of implied contract claim, citing concrete injuries sufficient for federal standing. The exposed data likely including personally identifiable information (PII) posed risks such as identity theft, financial fraud, or reputational harm to affected employees. The incident underscores vulnerabilities in the facility’s cybersecurity measures, particularly in protecting internal workforce data from unauthorized access or exfiltration.

Source: https://news.bloomberglaw.com/litigation/assisted-living-center-employee-advances-data-breach-class-suit

TPRM report: https://www.rankiteo.com/company/lynwood-manor

"id": "lyn0592805092325",
"linkid": "lynwood-manor",
"type": "Breach",
"date": "6/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Michigan, USA',
                        'name': 'Lynwood Manor',
                        'type': 'Assisted-living facility'}],
 'data_breach': {'data_exfiltration': 'Yes (implied by exposure)',
                 'number_of_records_exposed': '6,500',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (personal information of '
                                        'employees)',
                 'type_of_data_compromised': ['Personal information']},
 'description': 'Michigan assisted-living facility Lynwood Manor faced a '
                'proposed class action alleging it negligently failed to '
                'protect the personal information of around 6,500 current and '
                'former employees exposed in a 2021 data breach. Jennifer '
                'Rodriguez alleged concrete injuries sufficient to establish '
                'standing to sue in federal court under one of her theories of '
                'injury, and adequately pleaded a claim of breach of implied '
                'contract. The court denied Lynwood’s motion to dismiss the '
                'breach of implied contract claim but dismissed the negligence '
                'claim.',
 'impact': {'brand_reputation_impact': 'Negative (lawsuit and public '
                                       'disclosure of breach)',
            'customer_complaints': ['Proposed class action lawsuit by Jennifer '
                                    'Rodriguez'],
            'data_compromised': ['Personal information of ~6,500 current and '
                                 'former employees'],
            'identity_theft_risk': 'Likely (personal information exposed)',
            'legal_liabilities': ['Class action lawsuit (breach of implied '
                                  'contract claim upheld; negligence claim '
                                  'dismissed)']},
 'initial_access_broker': {'high_value_targets': ['Employee personal data']},
 'investigation_status': 'Ongoing (lawsuit in progress)',
 'references': [{'source': 'US District Court for the Eastern District of '
                           'Michigan ruling (2023)'}],
 'regulatory_compliance': {'legal_actions': ['Class action lawsuit (breach of '
                                             'implied contract claim upheld)']},
 'title': 'Lynwood Manor Data Breach (2021)',
 'type': 'Data Breach'}