A new class-action lawsuit has been filed against Visionworks of America Inc. after a data breach exposed the personal and health information of nearly 40,000 customers. The breach, which occurred on October 10, 2024, was caused by a cyberattack. The lawsuit, filed on December 23 in U.S. District Court in San Antonio, accuses the company of being careless in protecting private data and slow to notify the public about the breach.
The lawsuit was filed on behalf of an Arizona customer whose personal identity and health details were compromised. The lawsuit claims that Visionworks’ negligence allowed cybercriminals to access sensitive information, making it easier for them to commit identity theft and cause financial harm to thousands of individuals.
According to the lawsuit, Visionworks took nearly two months to notify affected individuals, and they have yet to contact those impacted. The company did report the breach to the U.S. Department of Health and Human Services as required by law. The breach was classified as a hacking/IT incident, likely caused by a phishing email attack. In this type of attack, a hacker tricks an employee into giving out sensitive information.
Customers and employees of Visionworks are required to provide various personal details, such as their names, birth dates, Social Security numbers, financial information, and medical records. The lawsuit is asking the court to recognize those affected by the breach as a class and provide compensation for the damages they’ve suffered.
This breach was one of 57 healthcare-related data breaches reported in October 2024 that affected 500 or more individuals. This lawsuit is not the first legal action against Visionworks this year. Earlier in February, a separate lawsuit was filed over the company’s alleged tracking and sharing of customers’ personal health information without their consent. Visionworks has not responded to requests for comment on the current lawsuit.
Visionworks operates over 750 locations where it offers eye exams and sells glasses, contact lenses, and sunglasses. The company continues to face legal challenges over how it handles customers’ private data.