Cyber Incident Victim: Watermark Retirement Communities

Watermark Retirement Communities, a senior living operator based in Tucson, Arizona, discovered a cyber intrusion in September 2021. The organization promptly engaged an external cybersecurity forensic firm to investigate the nature and scope of the incident. Through this investigation, Watermark determined that unauthorized actors potentially accessed sensitive personal information belonging to 208 individuals. The affected population included residents and potentially other associated parties across facilities in 10 U.S. states, though specific state names were not disclosed in public notifications. The breach timeline indicated the intrusion occurred on or around the discovery date, with no evidence suggesting prolonged undetected access prior to September.

On February 17, 2021, Watermark initiated formal breach notifications to impacted individuals, nearly five months after identifying the incident. The notifications confirmed that compromised data may have included personally identifiable information, though exact data elements were not specified publicly. No ransomware deployment or financial theft was explicitly cited in available reports. The company's response focused on forensic analysis and regulatory compliance through individual notifications, with no disclosed details regarding system containment measures, attacker attribution, or post-breach security enhancements. The incident represented a localized compromise affecting a limited subset of Watermark's operations, with no reported disruptions to resident care services during or after the event.