Andover Eye Associates Data Breach Impacts Hundreds

Andover Eye Associates, a multi-specialty ophthalmic medical practice in Andover, Mass., has reported a data breach affecting the personal information of potentially thousands of individuals across the U.S., including at least 237 New Hampshire residents.

On June 10, 2025, Andover Eye Associates became aware of suspicious activity in two employee email accounts. An investigation determined that an unauthorized actor gained access to at least on of the emails on May 28, 2025.

By Nov. 4, 2025, the company determined that the breach involved sensitive personal information, specifically names and Social Security numbers. This type of data is considered personally identifiable information (PII) and, when combined, can increase the risk of identity theft for those affected.

While the specific method used by the attackers has not been detailed in the public disclosure, the exposure of Social Security numbers indicates a significant compromise of confidential data. The incident was disclosed to the New Hampshire Attorney General’s office on Dec. 31, 2025. Impacted individuals have been notified by mail.

Andover Eye Associates' response

In response to the cybersecurity incident, the company assessed its cybersecurity and implemented additional safeguards. The company is also providing impacted individuals with one year of credit monitoring services through Epiq Global.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Andover Eye Associates or a company that does business with Andover Eye Associates.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.