U.S. Vision, USV Optical Failed to Prevent 2021 Data Breach, Class Action Alleges [UPDATE]
Last Updated on July 11, 2024
Torres v. U.S. Vision, Inc. et al
Filed: November 10, 2022 ◆§ 1:22-cv-06558
A class action alleges U.S. Vision, Inc. and USV Optical, Inc. are responsible for a 2021 data breach that compromised the customers’ health and personally identifiable information
July 11, 2024 – $3.45M Nationwide/Sightcare Data Breach Settlement Preliminarily Approved; Official Settlement Website Is Live
The time has come for eligible class members to file claims for benefits from the $3.45 million Nationwide Vision Center and Sightcare data breach settlement described below, which received preliminary approval from the court on May 8, 2024.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
The data breach settlement covers all United States residents who are current or former patients, customers, employees, members or covered dependents of Nationwide Optometry, Nationwide Vision Center, Sightcare or any of their affiliated or related business entities whose personal information was accessed, stolen or compromised in the 2021 Nationwide/Sightcare data breach.
To submit a claim online, head to this page on the official data breach settlement website, NationwideSightcare.com. You may also download a PDF claim form to return by mail.
Claimants will need to enter the unique ID and PIN found in the settlement notice they received in the mail. If you lost or did not receive a notice, or you have any questions regarding the deal, contact the settlement administrator using the information on this page.
Claims must be submitted online or postmarked by September 23, 2024.
A final approval hearing is scheduled for October 15, 2024. Settlement money is usually distributed to class members if the court grants final approval to the deal and after any appeals are resolved.
“It is always uncertain whether these appeals can be resolved, and resolving them can take time, perhaps more than a year,” the settlement site says. “It also takes time for all the Claim Forms to be processed. Please be patient.”
The settlement does not include U.S. Vision or USV Optical, the website states.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
April 19, 2024 – U.S. Vision Data Breach Lawsuit Settled for $3.45 Million
Nationwide Optometry PC and affiliates Sightcare and Nationwide Vision Center have agreed to pay $3,450,000 to settle the proposed class action detailed on this page, which was consolidated with two related data breach lawsuits in February 2023.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
Court documents reveal that a July 2023 amended complaint for the three consolidated cases filed claims against Nationwide Optometry. The proposed class action settlement does not include co-defendants U.S. Vision or USV Optical.
On April 4, 2024, the plaintiffs filed a motion asking the court to preliminarily approve the deal, which, if approved, would cover anyone in the United States who is a current or former patient, customer, employee, member, or covered dependent of Nationwide Optometry, Nationwide Vision Center, Sightcare or any of their affiliated or related business entities and had their personal information compromised in the 2021 U.S. Vision data breach.
If approved, the settlement will provide benefits to approximately 714,000 individuals who submit timely, valid claims by mail or online at the official settlement website.
ClassAction.org will update this page when the official settlement website goes live and if the deal receives preliminary approval.
According to the proposed settlement agreement, class members who file a valid claim must select one of two options for how they’d like to receive their share of the deal.
First, covered individuals can choose to receive a pro-rated cash payment, estimated to be about $50. Alternatively, those covered by the deal can submit a claim to receive two years of free credit monitoring and identity resolution services, as well as reimbursement for certain losses related to the breach.
Specifically, eligible individuals who spent time dealing with the repercussions of the cyberattack can elect to receive $25 for each hour they lost, with a cap of $100. They can also get up to $300 for certain documented out-of-pocket expenses, such as fees for credit reports, credit monitoring or other identity theft insurance products. Class members can also get up to $5,000 for expenses related to instances of identity theft or other fraud.
“Claims under this category must be supported by an attestation and documentation substantiating the full extent of the amount claimed,” the proposed deal says. “The Settlement Administrator will employ heightened scrutiny in reviewing claims for benefits under this category.”
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
A proposed class action alleges U.S. Vision, Inc. and USV Optical, Inc. are responsible for a preventable and foreseeable data breach in 2021 that compromised the health and personally identifiable information of approximately 180,000 customers.
The 47-page lawsuit alleges retail optical chain U.S. Vision and subsidiary USV Optical failed to implement adequate cybersecurity measures to safeguard customers’ sensitive information, resulting in a 27-day data breach from April 20 to May 12, 2021. The cyberattacks targeted multiple eye care companies owned by Nationwide Optical Group, LLC, a business associate of the defendants that received eye care management and administration services from the companies, the case explains.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The filing argues that the defendants’ negligence allowed cybercriminals to access their network and obtain customers’ full names; addresses; dates of birth; Social Security, taxpayer identification, driver’s license and medical record numbers; financial account, medical treatment and diagnosis information; dates of service; provider names; diagnosis and symptom details; prescription/medication specifics; health insurance information (including payor and subscriber Medicare/Medicaid numbers); and billing and claims data.
Further, the complaint alleges that U.S. Vision became aware of suspicious activity on May 12 of last year but failed to disclose to Nationwide Optical Group the identities of individuals and entities who were affected until September 22, 2022. After this disclosure was made, Nationwide Optical Group waited over a month to notify state attorneys general and victims of the cyberattack, the suit contends.
The lawsuit states that from there, eye care companies Nationwide Vision Center, LLC, Nationwide Optometry, P.C. and SightCare, Inc., through Nationwide Optical Group, sent “unreasonably delayed” letters to affected individuals on October 28, 17 months after first learning of the data breach.
Per the complaint, U.S. Vision and USV Optical “knew or should have known” that cybercriminals would target its system based on warnings issued by the FBI and U.S. Secret Service, as well as recent high-profile ransomware attacks against other healthcare partner and provider companies.
According to the filing, the defendants have offered data breach victims complimentary fraud and identity monitoring services for up to 12 months, which “does nothing to compensate them for damages incurred and time spent dealing with the Data Breach.”
“Plaintiff and Class Members face substantial risk of out-of-pocket fraud losses such as loans opened in their names, medical services billed in their names, tax return fraud, utility bills opened in their names, credit card fraud, and similar identity theft. Plaintiff and Class Members face substantial risk of being targeted for future phishing, data intrusion, and other illegal schemes based on their Private Information as potential fraudsters could use that information to more effectively target such schemes to Plaintiff and Class Members.”
The plaintiff, an Arizona consumer who received eye care from Nationwide Vision when he was a minor, claims that he has experienced actual identity theft and fraud, which he discovered after receiving a letter from the IRS on September 29, 2022. The case relays that an unauthorized person attempted to use the plaintiff’s name and taxpayer I.D. number to file a false tax return, and as a result, he must continuously acquire and enter a new identity protection personal I.D. number for every tax return he files for the rest of his life.
As the case tells it, U.S. Vision and USV Optical’s failure to properly secure or encrypt the information stored in their network violates the Health Insurance Portability and Accountability Act‘s(HIPAA) Security rule, which requires healthcare entities to protect sensitive patient health information from “reasonably anticipated threats to the security.” Additionally, the companies failed to comply with the minimum industry standards for cybersecurity, the Federal Trade Commission Act, the suit alleges.
The lawsuit looks to cover anyone identified by U.S. Vision, Inc. and USV Optical, Inc. (or their agents or affiliates) as being among those individuals impacted by the 2021 data breach.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.