Data Breach Summary
Ocuco Inc., an Ireland-based eyecare software provider serving over 6,700 client sites in 77 countries, has disclosed a significant ransomware attack that may have exposed sensitive data belonging to nearly 241,000 individuals .
On May 30, 2025, Ocuco filed a breach notification with the U.S. Department of Health and Human Services (HHS), revealing that nearly 240,961 individuals were impacted in what appears to be a ransomware attack
Initial investigations indicate the breach likely occurred on April 1, 2025, when attackers from the ransomware group KillSec infiltrated Ocuco’s network. According to the threat actor’s claims on the dark web, over 340 GB of data, including 670,344 files and 26,838 folders, were exfiltrated.
The breach reportedly affected both personally identifiable information (PII) and highly sensitive protected health information (PHI). Potentially compromised data includes:
Names, contact details, dates of birth
Medical and insurance records
Financial data and procedural information
Expect a notification letter: Ocuco is or will be contacting affected patients and customers via the U.S. HHS-mandated notification process .
Monitor your accounts: Watch for unusual activity tied to your name, insurance, or financial records.
Keep an eye out for scams: Phishing attempts may spike following this kind of breach—avoid clicking on unsolicited links.
Consult legal counsel: Attorneys working Class Action U are investigating potential class-action claims on behalf of those affected.
Ocuco who received a data breach notification should consider legal action for potential compensation. Joining a class action lawsuit can afford you the opportunity to claim reparations for damages incurred due to this breach. Contact Class Action U for a free consultation to determine if you qualify for this lawsuit. Together, we can hold Ocuco accountable and help prevent such incidents in the future.
©2024 ClassActionU
