Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.
Class Action U Logo
Check Your Eligibility

Center for Advanced Eye Care Data Breach

The Center for Advanced Eye Care discovered on December 16, 2025, that its legacy system had been compromised, potentially exposing protected health information. The affected individuals were identified by February 13, 2026. Patients should remain vigilant and consider exploring potential legal action.

Center for Advanced Eye Care
Date of Breach: December 16, 2025
CAU logo

Who was affected:

Clients of Center for Advanced Eye Care

Impacted Data:

Protected health information

Check Your Eligibility

The Center for Advanced Eye Care (“the Practice”) recently disclosed a data security incident involving unauthorized access to its legacy system. The December 2025 breach may have exposed protected health information stored within older system environments.

The Center for Advanced Eye Care’s Data Breach Investigation

The Center for Advanced Eye Care announced that it identified a cybersecurity incident involving its legacy system on December 16, 2025. According to the Practice, an unauthorized actor potentially compromised this older system environment, resulting in access to certain protected health information (PHI).

Upon discovering the issue, the Practice immediately secured the affected legacy environment and engaged a specialized third-party cybersecurity firm to conduct a comprehensive forensic investigation. Such investigations are designed to determine how the breach occurred, what systems were impacted, and whether sensitive information was accessed, acquired, or exfiltrated.

The forensic investigation concluded that certain protected health information within the legacy systems was subject to unauthorized access. Legacy systems—older software or hardware platforms that may no longer receive regular updates or patches—can present heightened cybersecurity risks if not adequately secured or monitored. Healthcare organizations that maintain legacy systems must implement appropriate safeguards to prevent unauthorized access to sensitive patient data.

Following the investigation’s findings, the Practice initiated a comprehensive and detailed review of the impacted information. The purpose of this review was to identify the individuals whose data may have been involved and determine the specific types of information that could have been compromised. On February 13, 2026, the Practice finalized the list of individuals to notify.

Although the Practice has not indicated that the information has been misused, unauthorized access to protected health information can create significant risks. Healthcare data is particularly sensitive because it often includes a combination of personal identifiers and confidential medical details. Such information may be used for identity theft, insurance fraud, or medical identity fraud, which can lead to inaccurate medical records and financial harm.

In response to the incident, the Practice stated that it has taken additional steps to reduce the risk of similar events occurring in the future. These measures include enhancing technical security controls and strengthening internal procedures. While post-incident improvements are important, individuals affected by the breach may still face ongoing concerns about the security of their personal and medical information.

Healthcare providers have a legal and ethical responsibility to protect patient information under applicable privacy laws, including HIPAA. When unauthorized access occurs, even within a legacy system, affected individuals may have legal rights.

At Class Action U, we believe patients deserve transparency and accountability when their personal or health information is placed at risk. If you received a notification from The Center for Advanced Eye Care, understanding what happened and learning about your legal options can help you take informed action.

When Did This Breach Occur?

According to The Center for Advanced Eye Care:

  • Date(s) the Breach Occurred: On or before December 16, 2025 (exact timeframe not specified)

  • Date the Breach Was Discovered: December 16, 2025

The Practice discovered the potential compromise of its legacy system on December 16, 2025, and subsequently initiated its investigation.

What Information Was Breached?

Based on the investigation, certain protected health information within the Practice’s legacy systems may have been subject to unauthorized access. The specific information involved varies by individual and was outlined in notification letters sent to affected patients.

Protected health information may include identifying and medical details typically maintained in patient records.

What You Can Do

If you received a notification from The Center for Advanced Eye Care, consider taking proactive steps to protect yourself:

  • Review medical statements and insurance explanations of benefits (EOBs) for unfamiliar services.

  • Monitor your credit reports and financial accounts for suspicious activity.

  • Place a fraud alert or credit freeze on your credit file if appropriate.

  • Remain vigilant for phishing emails or phone calls referencing the Practice or your medical information.

  • Report suspected identity theft or fraud to your financial institution and appropriate authorities.

Even if there is no evidence of misuse at this time, healthcare data can be misused months or years after a breach. Staying vigilant can help reduce potential harm.

You may also want to explore your legal rights. Many patients are unaware that they may qualify to join a class action lawsuit following a healthcare data breach. Understanding your options can help you determine whether you may be entitled to compensation.

File a Data Breach Lawsuit Against The Center for Advanced Eye Care

If you received notice that your protected health information was involved in The Center for Advanced Eye Care data breach, you may have the right to pursue legal action.

Data breach lawsuits seek to hold healthcare providers accountable when sensitive patient information is exposed due to cybersecurity failures. Compensation may include reimbursement for out-of-pocket expenses, time spent addressing identity theft concerns, credit monitoring costs, and other damages associated with the exposure of your information.

You do not have to face the consequences of a data breach alone. Learning about your legal rights can empower you to take action and potentially recover compensation.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.

VIEW PDF
Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
CTC Building Solutions Data Breach
Date of Breach: Not Specified
State Farm Data Breach
Date of Breach: January 29, 2026
Sadler Gibb & Associates Data Breach
Date of Breach: Not specified
Show More

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.