20/20 Eye Care Network, Inc.

On January 11, 2021, 20/20 Eye Care Network, Inc. suffered a data breach exposing sensitive personal information of 690 Washington residents. The compromised data included names, Social Security numbers, dates of birth, and health insurance details highly valuable identifiers for identity theft and fraud. Such breaches often lead to long-term risks for affected individuals, including financial fraud, unauthorized credit applications, and medical identity theft. The exposure of health insurance information further escalates concerns, as it could enable fraudulent medical claims or targeted phishing schemes. While the breach did not involve ransomware or a full-scale system takeover, the leak of personally identifiable information (PII) and protected health data poses severe reputational damage to the company and significant harm to the impacted individuals. Regulatory scrutiny, potential lawsuits, and mandatory breach notifications (as evidenced by the Washington State Attorney General’s report) add to the operational and financial burdens. The incident underscores vulnerabilities in data protection practices, particularly in healthcare-adjacent sectors where safeguarding patient-related data is critical.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10472

TPRM report: https://www.rankiteo.com/company/20-20-eye-care-network

"id": "20-126082125",
"linkid": "20-20-eye-care-network",
"type": "Breach",
"date": "1/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 690,
                        'industry': 'Healthcare',
                        'location': 'Washington, USA',
                        'name': '20/20 Eye Care Network, Inc.',
                        'type': 'Healthcare Provider'}],
 'data_breach': {'number_of_records_exposed': 690,
                 'personally_identifiable_information': ['names',
                                                         'Social Security '
                                                         'numbers',
                                                         'dates of birth'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2021-01-11',
 'description': 'The Washington State Office of the Attorney General reported '
                'that 20/20 Eye Care Network, Inc. experienced a data breach '
                'on January 11, 2021, potentially affecting 690 Washington '
                'residents. The breached information may have included names, '
                'Social Security numbers, dates of birth, and health insurance '
                'information.',
 'impact': {'data_compromised': ['names',
                                 'Social Security numbers',
                                 'dates of birth',
                                 'health insurance information'],
            'identity_theft_risk': 'High (PII and SSNs exposed)'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA (likely)',
                                                    'Washington State Data '
                                                    'Breach Notification Law'],
                           'regulatory_notifications': ['Washington State '
                                                        'Office of the '
                                                        'Attorney General']},
 'title': '20/20 Eye Care Network, Inc. Data Breach (2021)',
 'type': 'Data Breach'}