River City Eye Care Data Breach Affects PII and PHI of 6.5k People

River City Eye Care experienced a major data breach that exposed patient information. An investigation took place and determined that on or around Sept. 8, 2025, an unauthorized actor copied files from the eye care practice's internal network.

The cyberattack compromised both personally identifiable information (PII), including names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers and driver's license numbers. River City Eye Care published a Notice of Data Event on its website on Oct. 16, 2025.

According to the Oregon Attorney General's disclosure, the breach has impacted 6,588 people across the country. The practice began mailing notices to affected individuals in Oct. 2025.

The data breach was also disclosed to the Vermont Attorney General's office on Oct. 20, 2025. The cybersecurity incident puts patients at risk for identity theft and fraud.

River City Eye Care's response

In response to the breach, River City Eye Care took steps to secure its network and notified law enforcement. In addition to required state and federal disclosures, the eye care practice is offering affected individuals free Epiq Privacy Solutions ID credit monitoring and identity theft restoration services.

If you receive notification from River City Eye Care about this breach, you may want to:

• Sign up for the free credit monitoring and identity theft restoration services, offered by the practice.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.