Andover Eye Associates Reports Data Breach Affecting Thousands, Including 237 New Hampshire Residents
Andover Eye Associates, a multi-specialty ophthalmic practice based in Andover, Massachusetts, disclosed a data breach on December 31, 2025, impacting potentially thousands of individuals across the U.S., with at least 237 confirmed cases in New Hampshire. The breach involved unauthorized access to sensitive personal information, including names and Social Security numbers—key details that heighten the risk of identity theft.
The incident came to light on June 10, 2025, when the organization detected suspicious activity in two employee email accounts. An investigation revealed that an unauthorized actor had accessed at least one of the accounts as early as May 28, 2025. By November 4, 2025, the company confirmed the exposure of personally identifiable information (PII). While the exact attack method remains undisclosed, the compromise of Social Security numbers underscores the severity of the breach.
Andover Eye Associates reported the incident to the New Hampshire Attorney General’s office and began notifying affected individuals via mail. In response, the organization has enhanced its cybersecurity measures and is offering one year of credit monitoring services through Epiq Global to impacted parties. No further details on the breach’s origin or the number of total affected individuals have been publicly released.
Source: https://www.claimdepot.com/data-breach/andover-eye-associates-2026
Andover Eye Associates & GloMD cybersecurity rating report: https://www.rankiteo.com/company/andover-eye-associates-&-glomd
"id": "AND1767376038",
"linkid": "andover-eye-associates-&-glomd",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Thousands (including at least '
'237 New Hampshire residents)',
'industry': 'Ophthalmology',
'location': 'Andover, Massachusetts, USA',
'name': 'Andover Eye Associates',
'type': 'Healthcare Provider'}],
'attack_vector': 'Email Compromise',
'customer_advisories': 'Impacted individuals notified by mail',
'data_breach': {'personally_identifiable_information': 'Names, Social '
'Security numbers',
'sensitivity_of_data': 'High (Social Security numbers)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2025-06-10',
'date_publicly_disclosed': '2025-12-31',
'description': 'Andover Eye Associates reported a data breach affecting the '
'personal information of potentially thousands of individuals '
'across the U.S., including at least 237 New Hampshire '
'residents. The breach involved unauthorized access to '
'employee email accounts, leading to the exposure of sensitive '
'personal information such as names and Social Security '
'numbers.',
'impact': {'data_compromised': 'Names, Social Security numbers',
'identity_theft_risk': 'Increased risk of identity theft',
'systems_affected': 'Employee email accounts'},
'initial_access_broker': {'entry_point': 'Employee email accounts'},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': 'Assessed cybersecurity and '
'implemented additional '
'safeguards'},
'references': [{'source': 'New Hampshire Attorney General’s office'}],
'regulatory_compliance': {'regulatory_notifications': 'Disclosed to the New '
'Hampshire Attorney '
'General’s office'},
'response': {'communication_strategy': 'Notification by mail to impacted '
'individuals',
'remediation_measures': 'Implemented additional safeguards',
'third_party_assistance': 'Epiq Global (credit monitoring '
'services)'},
'title': 'Andover Eye Associates Data Breach',
'type': 'Data Breach'}