Superior Vision Service, a vision benefit provider under Versant Health, suffered a cyberattack initiated via a phishing email targeting an employee on July 9, 2025. The investigation confirmed that cybercriminals exfiltrated emails containing personally identifiable information (PII) and protected health information (PHI) on July 11, 2025. Compromised data included full names, physical addresses, phone numbers, email addresses, dates of birth, gender, Social Security numbers, vision coverage details, and employment-related enrollment information. The breach affected thousands of individuals, though the exact number remains undisclosed. Superior Vision responded by disabling the compromised email account, securing its systems, and notifying law enforcement. Impacted individuals were offered one year of free three-bureau credit monitoring through TransUnion’s myTrueIdentity service. Notifications to affected parties and the New Hampshire Attorney General were issued on September 26, 2025. The incident poses significant risks of identity theft, financial fraud, and targeted phishing attacks due to the sensitivity of the exposed data. Customers were advised to enroll in credit monitoring, scrutinize financial accounts, and consider fraud alerts or credit freezes.
Source: https://www.claimdepot.com/data-breach/superior-vision-2025
TPRM report: https://www.rankiteo.com/company/superior-vision-services
"id": "sup2793327092925",
"linkid": "superior-vision-services",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Thousands (Exact Number '
'Undisclosed)',
'industry': 'Healthcare',
'name': 'Superior Vision Service',
'type': 'Vision Benefit Provider'},
{'industry': 'Healthcare',
'name': 'Versant Health',
'type': 'Parent Company / Affiliate'}],
'attack_vector': 'Phishing Email',
'customer_advisories': ['Mail notifications sent to affected individuals on '
'2025-09-26.',
'Free credit monitoring (TransUnion Interactive) '
'offered via myTrueIdentity.'],
'data_breach': {'data_exfiltration': 'Likely (Emails Downloaded by '
'Cybercriminal)',
'file_types_exposed': ['Emails'],
'number_of_records_exposed': 'Thousands (Exact Number '
'Undisclosed)',
'personally_identifiable_information': ['Full Names',
'Physical Addresses',
'Phone Numbers',
'Email Addresses',
'Dates of Birth',
'Gender',
'Social Security '
'Numbers',
'Vision Coverage '
'Election Information',
'Employment '
'Information'],
'sensitivity_of_data': 'High (Includes SSNs, Health, and '
'Employment Data)',
'type_of_data_compromised': ['PII', 'PHI']},
'date_detected': '2025-07-09',
'date_publicly_disclosed': '2025-09-26',
'description': 'Superior Vision Service, a vision benefit provider, '
'experienced a cyberattack initiated by a phishing email '
'targeting an employee on July 9, 2025. The investigation '
'revealed that a cybercriminal may have downloaded emails '
'containing customer PII and PHI on July 11, 2025. The '
'compromised data included full names, addresses, phone '
'numbers, email addresses, dates of birth, gender, Social '
'Security numbers, vision coverage details, and employment '
'information. Notifications to affected individuals and the '
'New Hampshire Attorney General were issued on September 26, '
'2025. The breach is estimated to impact thousands of '
'individuals.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage (Thousands '
'Affected)',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)'],
'identity_theft_risk': 'High (SSNs, PII, PHI Exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Phishing Email (Employee '
'Compromise)',
'high_value_targets': ['Employee Email Account '
'(Customer Data)']},
'investigation_status': 'Completed (Notifications Issued)',
'post_incident_analysis': {'root_causes': ['Successful Phishing Attack '
'Targeting Employee',
'Lack of Email Security Controls '
'(e.g., MFA, Anti-Phishing)']},
'recommendations': ['Sign up for free credit monitoring services offered by '
'Superior Vision.',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing emails or calls exploiting exposed '
'information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'Claim Depot (Article)'},
{'source': 'Versant Health Website'}],
'regulatory_compliance': {'regulatory_notifications': ['New Hampshire '
'Attorney General '
'(Disclosed on '
'2025-09-26)']},
'response': {'communication_strategy': ['Mail Notifications to Affected '
'Individuals',
'Disclosure to New Hampshire Attorney '
'General'],
'containment_measures': ['Disabled Compromised Email Account',
'Secured Systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Offered Free Credit Monitoring '
'(TransUnion Interactive, '
'myTrueIdentity)']},
'title': 'Superior Vision Service Data Breach via Phishing Attack',
'type': ['Data Breach', 'Phishing Attack'],
'vulnerability_exploited': 'Human Error (Employee Susceptibility to Phishing)'}