SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Asheville Eye Associates Says 147,000 Impacted by Data Breach

Asheville Eye Associates says the personal information of 147,000 individuals was stolen in a November 2024 data breach.

North Carolina eye care center Asheville Eye Associates (AEA) is notifying roughly 147,000 individuals that their personal information was stolen in a November 2024 data breach.

The incident, the company says, was detected on November 18, after a threat actor gained access to its network and exfiltrated certain files from its systems.

“We quickly engaged third-party specialists to assist us with securing the network environment and investigating the incident,” the company informed the impacted individuals.

The investigation into the stolen data, it says, was concluded on April 14, 2025, and determined that personal information such as names, addresses, Social Security numbers, treatment details, and health insurance information was stolen in the attack.

“As of this writing, we have not received any reports of identity theft related to this incident,” AEA writes in the notification letter to the impacted individuals, a copy of which was submitted to the Maine Attorney General’s Office.

The eye care center initially disclosed the incident on January 31, when it notified the US Department of Health and Human Services that 193,306 people were affected. Subsequently, that number was updated to 204,984.

Now, the company says it “identified additional individuals whose personal information was contained in the affected records”, but it told the Maine AGO that notification letters were sent to 147,116 people, who are being offered 12 months of free identity theft protection services.

AEA has not shared details on the type of cyberattack it suffered, but the DragonForce ransomware gang added the eye care firm to its Tor-based leak site in December, claiming the theft of nearly 540 GB of data. The group has since made the data available publicly.

Advertisement. Scroll to continue reading.

SecurityWeek has contacted Asheville Eye Associates for clarification on the number of impacted individuals and confirmation on DragonForce’s claims and will update this article if the company responds.

Related: Hackers Stole 300,000 Crash Reports From Texas Department of Transportation

Related: Anubis Ransomware Packs a Wiper to Permanently Delete Files

Related: MainStreet Bank Data Breach Impacts Customer Payment Cards

Related: Cartier Data Breach: Luxury Retailer Warns Customers That Personal Data Was Exposed

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Rethinking Endpoint Hardening for Today’s Attack Landscape
On Demand

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Virtual Event: Cloud & Data Security Summit
July 16, 2025

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Coro, a provider of cybersecurity solutions for SMBs, has appointed Joe Sykora as CEO.

SonicWall has hired Rajnish Mishra as Senior Vice President and Chief Development Officer.

Kenna Security co-founder Ed Bellis has joined Empirical Security as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.