EyeCare Partners, LLC recently disclosed a data security incident involving unauthorized access to employee-managed email accounts. The incident may have exposed sensitive personal and limited health information of certain individuals. Those impacted could have legal options available.
EyeCare Partners Data Breach Investigation
EyeCare Partners, LLC (“ECP”) operates a nationwide network of eye care practices, including The Ophthalmology Group, Ophthalmology Consultants, and Ophthalmology Associates. In early 2025, the company identified suspicious activity involving one of its email accounts, prompting an internal investigation into a potential data security incident.
According to ECP, the suspicious activity was first identified on or around January 28, 2025. Once discovered, EyeCare Partners immediately secured the affected email account to prevent further unauthorized access and began an internal review. To ensure a thorough and independent assessment, ECP engaged an external forensic security firm to investigate the incident and confirm the integrity of its broader computer systems and network.
The forensic investigation determined that an unknown, unauthorized third party temporarily accessed certain ECP-managed email accounts between December 3, 2024, and January 28, 2025. Following this finding, EyeCare Partners conducted a detailed review of the emails and files that may have been accessed during the incident. This review concluded on November 11, 2025.
As a result of the review, EyeCare Partners determined that personal information belonging to certain individuals was potentially accessed. While the company stated that there is currently no evidence that the information has been misused for fraud or identity theft, the exposure of sensitive data raises concerns about privacy, long-term identity theft risk, and the adequacy of safeguards protecting patient and consumer information.
EyeCare Partners emphasized that full medical records and detailed clinical notes were not accessed during the incident. However, the presence of personal identifiers combined with limited clinical data may still create risks for affected individuals. In response, ECP reported that it has reviewed and enhanced its technical security measures and reminded employees about identifying suspicious or unexpected emails as part of its efforts to reduce the risk of similar incidents in the future.
Out of an abundance of caution, EyeCare Partners is notifying affected individuals and offering complimentary credit monitoring and credit reporting services to help mitigate potential harm.
When Did This Breach Occur?
The unauthorized access occurred between December 3, 2024, and January 28, 2025. EyeCare Partners identified the suspicious activity on or around January 28, 2025, and completed its review of the potentially affected information on November 11, 2025.
What Information Was Breached?
The type of information potentially accessed varied by individual but may have included:
EyeCare Partners stated that full medical records and detailed clinical notes were not accessed in this incident.
What You Can Do
If you received a notification from EyeCare Partners or believe your information may have been impacted, there are steps you can take to protect yourself:
-
Enroll in credit monitoring: EyeCare Partners is offering complimentary single-bureau credit monitoring, credit reports, and credit score services. Enrollment must be completed within 90 days of the notification letter.
-
Monitor financial and insurance accounts: Review bank statements, credit card activity, and insurance explanations of benefits for suspicious or unfamiliar activity.
-
Check your credit reports: Monitor your credit reports for unauthorized accounts or inquiries.
-
Consider fraud alerts or credit freezes: These tools can help prevent new accounts from being opened without your consent.
-
Keep all documentation: Save breach notification letters and related materials, as they may be important if you pursue legal action.
Taking proactive steps now can help reduce the risk of identity theft or financial fraud.
File a Data Breach Lawsuit Against EyeCare Partners
Individuals whose personal information was potentially accessed in the EyeCare Partners data breach may be eligible to pursue a class action lawsuit. Such lawsuits can seek compensation for loss of privacy, time spent monitoring accounts, out-of-pocket expenses, and the increased risk of identity theft.
Data breach lawsuits also serve to hold organizations accountable for failing to adequately safeguard sensitive personal and health-related information. Even if no misuse has yet occurred, courts increasingly recognize that exposure alone can cause real and lasting harm.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
