UPDATED:    February 12, 2025

Asheville Eye Associates Data Breach Lawsuit

Data Breach Summary

Asheville Eye Associates

Who Was Affected
193,306 patients and employees of Asheville Eye Associates
Impacted Data
Names, emails, birth dates, Social Security numbers, account numbers, and medical diagnosis details, phone numbers, spouses’ names, driver’s licenses, passports, Social Security numbers, and professional credentials exposed
Date of Breach
Not specified
Have you been affected by Asheville Eye Associates's data breach?

Asheville Eye Associates, PLLC, which operates 10 eye care centers across Western North Carolina, has reported a major data breach, impacting 193,306 patients and employees. The company has reported the incident to law enforcement and regulatory authorities, including the U.S. Department of Health and Human Services (HHS).

Although there is no confirmed evidence of misuse, Asheville Eye Associates is notifying affected individuals and implementing measures to mitigate potential risks. Those impacted are advised to stay alert for any suspicious activity related to their personal information. Recommended precautions include monitoring financial statements, updating passwords, and remaining vigilant against phishing attempts. For guidance on safeguarding your information after this incident, explore this resource on how to respond effectively to a data breach and minimize potential harm.

Details of the Asheville Eye Associates Data Breach

On January 31, 2025, AEA publicly disclosed details of the breach on its website, following a filing with the U.S. Department of Health and Human Services on January 17, 2025. The ransomware group DragonForce has allegedly claimed responsibility for the Asheville Eye Associates (AEA) data breach, asserting that it exfiltrated nearly 540GB of data from the medical provider’s servers.

An investigation was launched to assess the extent of unauthorized access and identify the compromised information. AEA has confirmed that a subset of patients had their names, addresses, health insurance details, and medical treatment information exposed. The organization is in the process of notifying those affected. However, Social Security numbers, credit card details, and financial information were not impacted.

What Information Was Involved?

The breached data may include personal information such as:

Names, emails, birth dates, Social Security numbers, account numbers, and medical diagnosis details. Employees and physicians may have had addresses, phone numbers, spouses’ names, driver’s licenses, passports, Social Security numbers, and professional credentials exposed. Additionally, HR documents, health insurance information, diagnostic images, administrative records, and payment details for medical services were among the leaked files.

How to Know if You Were Affected

If you received a data breach notification from Asheville Eye Associates, your personal information may have been compromised. While most victims are officially informed via a ‘‘notice of data breach” in the mail, the consequences—such as fraudulent transactions and identity theft—can begin long before you receive the notice.

Potential Risks of the Asheville Eye Associates Data Breach

A data breach like the one at Asheville Eye Associates can have serious consequences for affected individuals. Even if there is no immediate evidence of misuse, cybercriminals can exploit stolen information in various ways. Here are some of the key risks:

1. Identity Theft

Personal information such as Social Security numbers, driver’s license details, and financial account numbers can be used to commit identity theft. Criminals may attempt to open credit accounts, take out loans, or even file fraudulent tax returns in your name.

2. Financial Fraud

If your banking details were exposed, you may be at risk of unauthorized withdrawals, fraudulent transactions, or new accounts being opened in your name. Hackers often sell financial data on the dark web, increasing the chances of your information being misused.

3. Targeted Phishing Scams

Cybercriminals often use stolen data to craft convincing phishing scams. You may receive emails, phone calls, or text messages that appear to be from Asheville Eye Associates or another trusted entity. These scams may ask for additional personal details or prompt you to click on malicious links, further compromising your security.

4. Medical Identity Theft

If health insurance or medical-related information was leaked, criminals could use it to fraudulently obtain medical services, prescription drugs, or file fake insurance claims in your name. This type of fraud can be difficult to detect and may cause long-term financial and legal issues.

5. Credit Score Damage

Unauthorized activity, such as fraudulent credit card applications or unpaid loans taken out in your name, can significantly harm your credit score. This could affect your ability to secure loans, mortgages, or even employment opportunities in the future.

Steps to Take If You Were Affected by the Asheville Eye Associates Data Breach

Stay Alert for Phishing Scams

Scammers may try to take advantage of the data breach by posing as Asheville Eye Associates. Be wary of unexpected emails, texts, or phone calls requesting personal information. When in doubt, verify any communication directly with the company through official channels.

Monitor Your Credit and Financial Accounts

Keep a close eye on your bank statements, credit card activity, and credit reports for any unauthorized transactions. Set up account alerts to catch suspicious activity early. Take advantage of free credit reports and review them carefully for unfamiliar accounts or discrepancies.

Consider Freezing Your Credit

For added protection, request a credit freeze from all three major credit bureaus. This prevents anyone from opening new accounts in your name while still allowing you to use your existing credit. If you need to apply for credit, you can temporarily lift the freeze when necessary.

Class Action U, in partnership with KO Lawyers, is supporting individuals impacted by the Asheville Eye Associates data breach. If your information was exposed in this breach, you may be eligible to join a class action lawsuit.

How Asheville Eye Associates Class Action Lawsuits Help Victims Seek Compensation

Class action lawsuits allow individuals affected by large-scale data breaches like the Asheville Eye Associates incident, to come together and pursue compensation collectively. These lawsuits can provide a more efficient and cost-effective way to hold companies accountable for failing to protect personal information. Learn how joining a class action lawsuit can potentially help you to seek compensation for:

  • Loss of privacy
  • Time spent addressing the breach
  • Out-of-pocket costs
  • Emotional distress

A successful case could also compel Asheville Eye Associates, to improve its security measures and prevent future breaches. Reach out to Class Action U today to determine your eligibility for a data breach class action lawsuit and the compensation that may be available to you.

Related Posts