Waveny Lifecare Network Data Breach Investigation

Data Breach Blog

Data Breach

Waveny Lifecare Network Data Breach Investigation

Almeida Law Group Calendar Icon

Date of data breach:

June 3, 2026

by: Almeida Law Group

Almeida Law Group is investigating a data breach at Waveny Lifecare Network. The breach occurred on May 24, 2025, and was discovered on March 24, 2026. If you were affected, contact Almeida Law Group.

About Waveny Lifecare Network

Waveny Lifecare Network is a 501(c)(3) nonprofit healthcare organization headquartered in New Canaan, Connecticut, that has provided senior care services since 1975. It offers a broad continuum of care including independent living, assisted living, memory care, skilled nursing, rehabilitation, home health, hospice, and an adult day program, with additional locations in Wilton Center, CT. Because the organization provides healthcare services to older adults, it handles the kinds of personal and health information that can be particularly sensitive if exposed.

What Happened?

Waveny Lifecare Network was listed in a Maine Attorney General breach filing. The incident was an external system breach caused by hacking, affecting 8,548 people in total. Consumer notifications were sent on June 2, 2026.

According to Waveny’s own notification letter, unusual activity was detected on or around May 28, 2025—a slight discrepancy from the Maine AG filing’s listed breach date of May 24, 2025. The review of affected information was completed on March 23, 2026 (the Maine filing lists March 24, 2026 as the discovery date). That means approximately ten months elapsed between the incident and its discovery, and more than twelve months passed before consumers were notified. The specific data types involved are partially redacted in the available notice text; the letter references “last name in combination with” additional information but the list is cut off. BlackFog’s ransomware reporting confirmed that both personal and health information were compromised. Credit monitoring services through TransUnion were offered at no cost for twelve months.

The Qilin ransomware group, a Russia-linked ransomware-as-a-service operation that became the most active ransomware group by attack volume in 2025, claimed responsibility for the attack on its dark web leak site on June 12, 2025—months before Waveny reported discovering the breach. Waveny engaged third-party cybersecurity specialists and notified law enforcement. No class action lawsuit has been filed as of early June 2026, but at least one law firm is actively investigating potential legal claims on behalf of affected individuals.

Key Facts at a Glance

  • Company or Organization: Waveny Lifecare Network
  • Industry: Healthcare / Senior Living & Care
  • Location: 3 Farm Road, New Canaan, CT 06840
  • Incident type: External system breach (hacking); Qilin ransomware
  • Date of breach: May 24, 2025 (Maine AG filing); May 28, 2025 (notification letter)
  • Date breach discovered: March 24, 2026 (Maine AG filing); March 23, 2026 (notification letter)
  • Date of consumer notification: June 2, 2026
  • Total persons affected: 8,548
  • Identity theft protection offered: Yes — 12 months of credit monitoring through TransUnion
  • Litigation status: No class action filed; Levi & Korsinsky investigating potential claims
  • Source: Maine AG Filing; HIPAA Journal; BlackFog – October 2025 Ransomware Report; RedPacket Security

What Should You Do?

If you received a notice from Waveny Lifecare Network, enroll in the twelve months of free credit monitoring through TransUnion as soon as possible—check your notice for the enrollment instructions and any applicable deadline. You should also place a fraud alert or credit freeze with TransUnion, Experian, and Equifax to reduce the risk of someone opening accounts in your name. Review your credit reports at AnnualCreditReport.com and monitor your financial account statements for unfamiliar transactions. Because health information was confirmed to be involved in this breach, also review your Explanation of Benefits statements and any medical records for services you did not receive. If you spot signs of identity theft or fraud, report them at IdentityTheft.gov.

Your Legal Rights

If your personal or health information was involved in this breach, you may have legal rights depending on the facts of the incident and the law in your state. Almeida Law Group represents consumers in data breach and privacy litigation and can help you evaluate whether you may have a claim. Contact us at (708) 529-5418 or through our contact page for a free case evaluation.

Were You a Victim of a Data Breach?

"*" indicates required fields

By clicking the SEND button and submitting this form, I consent to receive communications from Almeida Law Group LLC and their co-counsel by phone call, email, and/or SMS regarding this matter and other potential legal matters. I understand that message and data rates may apply and that consent to such contact is not required for use of these services. Message frequency varies. Reply STOP to opt-out and HELP for help. I also agree to the Privacy Policy. I understand that my information may be shared with advertising partners to deliver targeted advertisements and optimize outreach efforts. I confirm that I am at least 18 years old. I have read and understand the disclaimer above. I agree my use of this site and the information provided here is not intended to create and does not create an attorney client relationship with the Almeida Law Group and/or attorneys employed by the Firm. No attorney client relationship is intended or created unless and until an engagement agreement is signed by all relevant parties. The contents of this site constitute attorney advertising and not legal advice; therefore you should not act or rely upon any information contained herein, and should always seek the advice of an attorney.

Resourceful. Resilient. Relentless.

Contact us today to get the justice you and your family deserve.

Contact us Today