Cyber Incident Victim: Unlimited Care, Inc.

On February 16, 2023, Unlimited Care, Inc. (UCI), a Westchester-based home healthcare provider operating 16 locations across New York, detected a network disruption within its IT systems. The company promptly secured its computer network following this discovery and engaged cybersecurity experts to investigate the incident. The investigation confirmed that an unauthorized actor had accessed portions of the corporate network during this disruption. On March 21, 2023, UCI determined through forensic analysis that the intruder had obtained access to sensitive employee data stored on the compromised systems, potentially extracting personal information. The exposed data included employees' full names, residential addresses, dates of birth, and Social Security numbers, representing high-risk identity information. UCI subsequently analyzed affected records to identify impacted individuals, revealing that data belonging to 29,474 employees had been exposed or acquired during the breach.

UCI fulfilled regulatory obligations by formally filing a notice of data breach with the Maine Attorney General's office on April 12, 2023, and initiated direct mail notifications to all affected employees on the same date. The incident exposed critical personal identifiers that could facilitate identity theft or financial fraud against current and former employees. As an organization employing over 2,500 staff and generating approximately $250 million in annual revenue, UCI's breach represented a significant organizational data compromise given both the sensitive nature of the stolen data elements and the population scale. No information regarding initial attack vectors, duration of network access, or system restoration timelines was publicly disclosed in the regulatory filing or breach notification statements. The company's public communications limited technical details to the confirmed unauthorized access occurrence and the specific categories of compromised personal information.