Ireland-based eyecare technology company Ocuco has informed the US Department of Health and Human Services that it has suffered a data breach impacting more than 240,000 individuals.
Ocuco describes itself as the largest optical retail software company in the world, with its software and services being used at over 6,000 locations across 77 countries.
The company does not appear to have published a data breach notice, but the incident is likely related to a hacker attack involving the KillSec ransomware group, which earlier this year claimed to have stolen a significant amount of files from Ocuco.
The cybercriminals listed Ocuco on their Tor-based leak website in early April, publishing several screenshots to demonstrate their claims.
One of the screenshots suggests that at least 670,000 files — totaling 340 Gb of data — were stolen from the company.
The hackers’ site indicates that the stolen data has been published, but at the time of writing no Ocuco data appears to be available for download from the KillSec website.
SecurityWeek has reached out to Ocuco for comment and will update this article if the company responds.
KillSec has been around since at least the fall of 2023 and its ransomware-as-a-service offering was announced in June 2024. Its leak website currently lists roughly 140 victims.
It’s not uncommon for healthcare data breaches to impact hundreds of thousands of individuals, and some incidents affect millions and even tens of millions of people.
UPDATE: An Ocuco spokesperson provided the following statement to SecurityWeek:
“On April 1, 2025, we learned that a third party claimed to have stolen information from our environment via a posting on the dark web. We immediately took steps to secure our virtual environment and launched an investigation to determine if this claim was legitimate by engaging external cybersecurity experts. Our investigation determined that there was unauthorized access to two of our non-production servers and certain files stored therein, which was enabled by a newly discovered vulnerability – that was not timely disclosed to Ocuco – contained within third-party software we use on those systems. We have fully patched the vulnerability and implemented other additional security processes and procedures to further strengthen our overall cybersecurity posture.
We are still in the process of doing a detailed review of the files that were involved in this incident to identify individuals whose information may have been contained therein, and as soon as this process has been completed, will start the process of notifying relevant parties and individuals, as well as providing resources to help protect their personal information, in accordance with applicable law. We have also undertaken a general review of our cybersecurity controls and procedures with a focus on maintaining the highest levels of security for our network, systems, and data as we move forward.”
Related: Ransomware Gang Leaks Alleged Kettering Health Data
Related: Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People
Related: Ransomware Attack Forces Kettering Health to Cancel Procedures
Related: 480,000 Catholic Health Patients Impacted by Serviceaide Data Leak
