JULY 2, 2024 UPDATE: U.S. Vision has reached a $3,450,000 data breach settlement.
On April 20, 2021, U.S.Vision, Inc., experienced a significant data breach that affected customers of JCPenney Optical. The breach was discovered on May 12, 2021, when U.S.Vision noticed suspicious activity on their network. An investigation revealed that an unauthorized individual had accessed their network intermittently between April 20, 2021, and May 17, 2021. During this period, files containing sensitive consumer information were potentially viewed and/or taken by the unauthorized individual.
The compromised data includes a wide range of personal and medical information:
This breach is severe due to the breadth and sensitivity of the information exposed. The unauthorized access was carried out by an individual who managed to infiltrate U.S.Vision's network multiple times over nearly a month.
Upon discovering the breach, U.S.Vision immediately launched an investigation with the help of industry-leading cybersecurity specialists. They conducted a comprehensive review of the impacted files to determine the extent of the breach and identify the affected individuals. U.S.Vision has taken steps to improve their security measures to prevent future incidents.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.