On November 14, 2023, Medical Eye Services, Inc. (“MESVision”) filed a notice of data breach with the Attorney General of Maine after discovering that MOVEit, a software program used by MESVision, contained a critical vulnerability that gave hackers access to confidential data in the company’s possession. In this notice, MESVision explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names and Social Security numbers. Upon completing its investigation, MESVision began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you receive a data breach notification from Medical Eye Services, Inc., it is essential you understand what is at risk and what you can do about it. As we’ve discussed in previous posts, hackers can use your Social Security number to carry out identity theft crimes and other frauds against victims. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Medical Eye Services MOVEit data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Medical Eye Services?

The Medical Eye Services data breach was only recently announced, and more information is expected in the near future. However, MESVision’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, MESVision uses a file-transfer program called MOVEit, which is a product of Progress Software. On August 23, 2023, MESVision learned that an unauthorized party was able to exploit a critical vulnerability within MOVEit, which granted them access to MESVision’s MOVEit server.

In response, MESVision took its MOVEit server offline and launched an investigation with the help of cybersecurity experts. This investigation ultimately confirmed that an unauthorized party accessed and removed certain files containing confidential consumer information between May 28, 2023 and May 31, 2023.

After learning that sensitive consumer data was accessible to an unauthorized party, Medical Eye Services reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and Social Security number.

On November 14, 2023, Medical Eye Services sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Medical Eye Services, Inc.

Established in 1976, Medical Eye Services, Inc. is a vision care provider based out of Santa Ana, California. MESVision provides vision care plans to thousands of employer groups and millions of plan members nationwide through health care organizations, insurance carriers, and self-funded employer groups. MESVision also offers direct-to-consumer plans. Medical Eye Services employs more than 53 people and generates approximately $11 million in annual revenue.