Asheville Eye Associates Data Breach Settlement Offers Compensation to Affected Patients
A class action settlement has been reached with Asheville Eye Associates PLLC following a November 2024 cyberattack that exposed sensitive patient data, including personally identifiable information (PII) and protected health information (PHI). The breach affected both current and former patients, regardless of whether they experienced financial harm or identity theft.
Eligible class members those who received a breach notification can receive benefits under the settlement, including:
- A $10 voucher for eyeglasses at most Asheville Eye Associates locations (excluding the 21 Medical Park Drive office in Asheville, NC).
- One year of complimentary identity theft protection with one-bureau monitoring, provided by Kroll Settlement Administration LLC.
- Up to $1,250 in reimbursement for documented out-of-pocket expenses, such as bank fees, card reissuance costs, late fees, credit monitoring services, and other breach-related losses.
Class members do not need to submit a claim to receive the voucher or identity theft protection, which will be provided automatically. However, those seeking reimbursement must file a claim online or by mail, including their class member ID and supporting documentation (e.g., receipts, bank statements). Payments will be issued via electronic transfer or check after final court approval.
The settlement fund covers administrative costs ($53,000), attorneys’ fees (up to $500,000), and service awards for class representatives (up to $6,250). Key deadlines include:
- Claim filing & opt-out deadline: April 6, 2026
- Final approval hearing: May 14, 2026
Asheville Eye Associates denies any wrongdoing but agreed to the settlement to resolve litigation and provide relief to affected individuals. Payments will be distributed after the court grants final approval and resolves any appeals.
Source: https://www.claimdepot.com/settlements/aea-data-settlement
Asheville Eye Associates cybersecurity rating report: https://www.rankiteo.com/company/asheville-eye-assoc
"id": "ASH1770660245",
"linkid": "asheville-eye-assoc",
"type": "Breach",
"date": "11/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Current and former patients',
'industry': 'Healthcare',
'location': 'Asheville, NC, USA',
'name': 'Asheville Eye Associates PLLC',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Breach notification sent to affected patients',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)']},
'date_detected': '2024-11',
'description': 'A class action settlement has been reached with Asheville Eye '
'Associates PLLC following a November 2024 cyberattack that '
'exposed sensitive patient data, including personally '
'identifiable information (PII) and protected health '
'information (PHI). The breach affected both current and '
'former patients, regardless of whether they experienced '
'financial harm or identity theft.',
'impact': {'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action settlement'},
'investigation_status': 'Settlement reached',
'references': [{'source': 'Class action settlement announcement'}],
'regulatory_compliance': {'legal_actions': 'Class action settlement',
'regulations_violated': ['HIPAA']},
'response': {'communication_strategy': 'Breach notification to affected '
'patients',
'third_party_assistance': 'Kroll Settlement Administration LLC'},
'title': 'Asheville Eye Associates Data Breach Settlement',
'type': 'Data Breach'}