Ocuco Inc Data Breach Affects 240,961 Individuals

Ocuco Inc, an eyecare software solutions company has experienced a major data breach affecting several thousand individuals. Ocuco’s software is widely used across the optical industry, serving thousands of practices, clinics, and labs.

A ransomware attack compromised Ocuco’s systems, impacting both personally identifiable information (PII) and protected health information (PHI). The cybersecurity incident was disclosed to the U.S. Department of Health and Human Services on May 30, 2025, reporting a total of 240,961 individuals in the United States were affected.

The ransomware attack was carried out by a group known as Kill Security (also referred to as “killsec”), with the incident first surfacing on the dark web on April 1, 2025. The attackers claimed responsibility and posted details about the hack on the Tor network.

While the specific types of data exposed is still being investigated, a data breach compromising PII and PHI may involve dates of birth, contact information, health records and payment or insurance details.

Ocuco's response

The company has begun reporting the incident to federal authorities. Customers and affected individuals will be notified in accordance with regulatory requirements.

If you believe your personal or protected health information may have been compromised in this data breach:

• Carefully review any notice or communication you receive from Ocuco or your eyecare provider.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more information about the company and its services, visit the Ocuco website.