Subscribe To Our Newsletter
If you received eye care or medical services at Naper Grove Vision Care in Illinois, your private medical records and personal identity may have been exposed to cybercriminals, but a new class action settlement offers a way to claim cash compensation.
Naper Grove Vision Care has agreed to a class action lawsuit settlement to resolve claims that the company failed to secure sensitive patient data during a May 2025 cyberattack. The deal, which received preliminary court approval on May 19, 2026, provides up to $1,000 in reimbursement for out-of-pocket expenses, alternative flat-rate cash payments, and free medical identity monitoring for the estimated 20,093 people whose information was compromised.
The legal battle began after hackers managed to infiltrate the computer networks of Naper Grove Vision Care, an optometry group based in Naperville, Illinois. According to court documents filed in the lawsuit, In re: Naper Grove Data Breach Litigation, the security incident occurred in May 2025. Plaintiffs in the case asserted that the eye care provider did not implement reasonable cybersecurity measures to shield its digital storage networks. Because the company allegedly left its systems vulnerable, unauthorized third parties were able to access and copy highly sensitive medical files.
For months, affected patients were left in the dark about the exposure of their personal details. When security breaches occur, everyday people are often the ones who pay the price through sudden identity theft, fraudulent bank charges, and targeted phishing scams. By taking legal action, the plaintiffs aimed to hold companies accountable for failing to treat digital privacy with the same level of care as physical patient health. Rather than continuing a lengthy court battle, the optometry group chose to settle the claims. The company has not admitted any wrongdoing but agreed to establish the settlement fund to resolve the litigation.
When cybercriminals target healthcare providers, they rarely stop at basic contact information. The data stolen during the May 2025 Naper Grove breach was incredibly detailed, making it highly valuable on the dark web. Court filings show that the compromised files contained a wide range of personal, financial, and clinical records. If you were an active or former patient of the clinic prior to the breach, the exposed data may have included your full name, physical mailing address, date of birth, and Social Security number.
Furthermore, the breach compromised highly private healthcare credentials, including patient identification numbers, medical conditions, treatment histories, health insurance numbers, and insurance benefits documentation. In some cases, driver’s license numbers were also caught in the sweep. This combination of medical history and financial data is particularly dangerous because it allows criminals to commit medical identity theft. When bad actors use your medical identity, they can receive expensive treatments under your name, ruin your credit, and even alter your real medical files with incorrect health histories, posing a direct threat to your physical well-being.
When a healthcare provider fails to establish adequate defenses, the legal system provides a way for consumers to stand together. The class action lawsuit argued that Naper Grove Vision Care had a legal duty to protect the private files entrusted to it by its patients. By failing to use up-to-date encryption, monitor its servers for unusual activity, and properly train employees to spot digital threats, the clinic allegedly violated basic industry standards. Under consumer protection laws, businesses that collect personal data are expected to keep that data locked down.
This settlement establishes a structured process to ensure that the individuals harmed by this digital oversight receive direct financial relief. The court-appointed settlement administrator has set up a secure website at NaperGroveSettlement.com, where affected individuals can learn about their rights and submit claims. By participating in this settlement, everyday people can claw back the money and time they spent cleaning up the mess left behind by the breach, ensuring that the corporation faces financial consequences for its security shortcuts.
The settlement is structured to address the different ways patients may have been affected by the breach. If you spent your own money dealing with the aftermath of the cyberattack, you can submit a claim for documented out-of-pocket losses. The settlement allows you to claim up to $1,000 for verified losses that occurred between May 24, 2025, and September 18, 2026. This category covers a broad range of expenses, including direct financial losses from fraud, the cost of credit monitoring services, fees for freezing or unfreezing your credit, the cost of replacing your driver’s license, and even minor costs like postage or phone charges.
To qualify for this reimbursement, you must submit supporting proof. This proof can include bank statements, receipts, credit card bills, or police reports showing that you actively lost money or paid for protective services due to the breach. If you did not suffer direct financial losses but still want compensation, you do not stand alone. You can opt out of the documented loss category and instead claim a pro rata cash payment. This cash option does not require you to show any proof of loss or receipts. The final amount of this flat cash payment will depend entirely on how many eligible class members submit valid claims before the deadline.
Because medical identity theft can take years to detect, the settlement also includes an essential preventative benefit. Every person covered by the settlement is eligible to enroll in one full year of CyEx Medical Shield Complete. This specialized service is designed specifically for healthcare breaches and goes beyond standard credit monitoring. It features dedicated medical record tracking, which alerts you if someone tries to use your name or health insurance policy to obtain prescription drugs, medical devices, or clinical treatments at healthcare facilities nationwide.
Additionally, the CyEx program provides medical identity theft insurance, giving you financial backing and professional recovery assistance if your medical persona is compromised. To activate this free service, you must use the unique enrollment code that was printed on the physical postcard or sent to your email address in the official settlement notice. Enrolling in this service is one of the most effective steps you can take to shield your family’s financial future from the long-term consequences of this cyberattack.
You may be eligible to receive these benefits if you are one of the approximately 20,093 individuals whose private personal or medical information was stored on Naper Grove Vision Care’s systems during the May 2025 security breach. If you are a member of the settlement class, you should have received a formal notice via physical mail or email. This notice contains a unique login ID and a PIN, which you will need to access the secure online claim portal.
To submit your claim, visit NaperGroveSettlement.com and fill out the online form using your unique credentials. If you did not receive a notice or prefer to file by mail, you can download a paper PDF claim form from the site, print it out, and mail it to the settlement administrator. It is crucial to act quickly, as all claim forms must be submitted online or postmarked no later than September 18, 2026. The court will hold a final approval hearing on October 20, 2026, to decide whether to officially approve the deal. If the judge grants final approval and no legal appeals are filed, the distribution of cash benefits and monitoring services will begin shortly after.
New cases and investigations, settlement deadlines, and news straight to your inbox.