Details of the Asheville Eye Associates Data Breach
On January 31, 2025, AEA publicly disclosed details of the breach on its website, following a filing with the U.S. Department of Health and Human Services on January 17, 2025. The ransomware group DragonForce has allegedly claimed responsibility for the Asheville Eye Associates (AEA) data breach, asserting that it exfiltrated nearly 540GB of data from the medical provider’s servers.
An investigation was launched to assess the extent of unauthorized access and identify the compromised information. AEA has confirmed that a subset of patients had their names, addresses, health insurance details, and medical treatment information exposed. The organization is in the process of notifying those affected. However, Social Security numbers, credit card details, and financial information were not impacted.
What Information Was Involved?
The breached data may include personal information such as:
Names, emails, birth dates, Social Security numbers, account numbers, and medical diagnosis details. Employees and physicians may have had addresses, phone numbers, spouses’ names, driver’s licenses, passports, Social Security numbers, and professional credentials exposed. Additionally, HR documents, health insurance information, diagnostic images, administrative records, and payment details for medical services were among the leaked files.
How to Know if You Were Affected
If you received a data breach notification from Asheville Eye Associates, your personal information may have been compromised. While most victims are officially informed via a ‘‘notice of data breach” in the mail, the consequences—such as fraudulent transactions and identity theft—can begin long before you receive the notice.
Potential Risks of the Asheville Eye Associates Data Breach
A data breach like the one at Asheville Eye Associates can have serious consequences for affected individuals. Even if there is no immediate evidence of misuse, cybercriminals can exploit stolen information in various ways. Here are some of the key risks:
1. Identity Theft
Personal information such as Social Security numbers, driver’s license details, and financial account numbers can be used to commit identity theft. Criminals may attempt to open credit accounts, take out loans, or even file fraudulent tax returns in your name.
2. Financial Fraud
If your banking details were exposed, you may be at risk of unauthorized withdrawals, fraudulent transactions, or new accounts being opened in your name. Hackers often sell financial data on the dark web, increasing the chances of your information being misused.
3. Targeted Phishing Scams
Cybercriminals often use stolen data to craft convincing phishing scams. You may receive emails, phone calls, or text messages that appear to be from Asheville Eye Associates or another trusted entity. These scams may ask for additional personal details or prompt you to click on malicious links, further compromising your security.
4. Medical Identity Theft
If health insurance or medical-related information was leaked, criminals could use it to fraudulently obtain medical services, prescription drugs, or file fake insurance claims in your name. This type of fraud can be difficult to detect and may cause long-term financial and legal issues.
5. Credit Score Damage
Unauthorized activity, such as fraudulent credit card applications or unpaid loans taken out in your name, can significantly harm your credit score. This could affect your ability to secure loans, mortgages, or even employment opportunities in the future.
Steps to Take If You Were Affected by the Asheville Eye Associates Data Breach
Stay Alert for Phishing Scams
Scammers may try to take advantage of the data breach by posing as Asheville Eye Associates. Be wary of unexpected emails, texts, or phone calls requesting personal information. When in doubt, verify any communication directly with the company through official channels.
Monitor Your Credit and Financial Accounts
Keep a close eye on your bank statements, credit card activity, and credit reports for any unauthorized transactions. Set up account alerts to catch suspicious activity early. Take advantage of free credit reports and review them carefully for unfamiliar accounts or discrepancies.
Consider Freezing Your Credit
For added protection, request a credit freeze from all three major credit bureaus. This prevents anyone from opening new accounts in your name while still allowing you to use your existing credit. If you need to apply for credit, you can temporarily lift the freeze when necessary.
Class Action U, in partnership with KO Lawyers, is supporting individuals impacted by the Asheville Eye Associates data breach. If your information was exposed in this breach, you may be eligible to join a class action lawsuit.
How Asheville Eye Associates Class Action Lawsuits Help Victims Seek Compensation
Class action lawsuits allow individuals affected by large-scale data breaches like the Asheville Eye Associates incident, to come together and pursue compensation collectively. These lawsuits can provide a more efficient and cost-effective way to hold companies accountable for failing to protect personal information. Learn how joining a class action lawsuit can potentially help you to seek compensation for:
- Loss of privacy
- Time spent addressing the breach
- Out-of-pocket costs
- Emotional distress
A successful case could also compel Asheville Eye Associates, to improve its security measures and prevent future breaches. Reach out to Class Action U today to determine your eligibility for a data breach class action lawsuit and the compensation that may be available to you.