Superior Vision Services, Inc., a managed vision care provider under Versant Health (acquired by MetLife), suffered a data breach via a phishing attack on July 9, 2025, exposing sensitive personally identifiable information (PII) and protected health information (PHI) of thousands of members. The compromised data included full names, physical addresses, phone numbers, email addresses, dates of birth, genders, Social Security numbers, vision coverage details, and employment-related enrollment information. The breach was discovered two days later, with unauthorized actors potentially downloading internal emails containing member data. Notifications to affected individuals began in September 2025, and the incident was reported to the New Hampshire Attorney General’s office on September 26, 2025. The breach exposed members to risks of identity theft, financial fraud, and unauthorized account access, prompting Superior Vision to offer free credit monitoring services and legal recourse for impacted individuals. Lawsuits are being pursued for compensation due to the company’s alleged failure to adequately safeguard sensitive data.
Source: https://www.claimdepot.com/investigations/superior-vision-data-breach-2025
TPRM report: https://www.rankiteo.com/company/versant-health
"id": "ver0293602092925",
"linkid": "versant-health",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Several thousand members (exact '
'number undisclosed)',
'industry': 'Healthcare (Vision Insurance)',
'location': 'Maryland, USA',
'name': 'Superior Vision Services, Inc.',
'type': 'Managed Vision Care Provider'},
{'customers_affected': 'Potentially affected (scope '
'unclear)',
'industry': 'Healthcare (Vision Insurance)',
'location': 'USA (Nationwide)',
'name': 'Versant Health, Inc.',
'size': 'Serves ~33-35 million members',
'type': 'Parent Company (Managed Vision Care)'}],
'attack_vector': 'Email Phishing',
'customer_advisories': ['Enroll in credit monitoring',
'Monitor accounts for fraud',
'Contact financial institutions if suspicious '
'activity is detected',
'Consider legal action for compensation'],
'data_breach': {'data_exfiltration': 'Yes (internal emails downloaded by '
'unauthorized actor)',
'file_types_exposed': ['Emails'],
'number_of_records_exposed': 'Several thousand (exact number '
'undisclosed)',
'personally_identifiable_information': ['Full name',
'Physical address',
'Phone number',
'Email address',
'Date of birth',
'Gender',
'Social Security '
'number'],
'sensitivity_of_data': 'High (includes SSN, health, and '
'employment data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-07-11',
'date_publicly_disclosed': '2025-09-01',
'description': 'Shamis & Gentile P.A. is investigating a data breach at '
'Superior Vision Services, Inc. and Versant Health, Inc., '
'where an unauthorized actor accessed internal emails '
'containing member information via a phishing attack. The '
'breach exposed sensitive personally identifiable information '
'(PII) and protected health information (PHI) of several '
'thousand members. Affected individuals may be eligible for '
'compensation and are advised to enroll in credit monitoring '
'services and seek legal assistance.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive member data',
'data_compromised': ['Full name',
'Physical address',
'Phone number',
'Email address',
'Date of birth',
'Gender',
'Social Security number',
'Vision coverage election information',
'Employment information related to '
'enrollment'],
'identity_theft_risk': 'High (PII and PHI exposed)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'from affected individuals',
'systems_affected': ['Email Systems']},
'initial_access_broker': {'entry_point': 'Email Phishing',
'high_value_targets': ['Member PII/PHI data']},
'investigation_status': 'Ongoing (legal investigation by Shamis & Gentile '
'P.A.)',
'ransomware': {'data_exfiltration': 'Yes (via phishing)'},
'recommendations': ['Enroll in free credit monitoring (TransUnion '
'myTrueIdentity)',
'Monitor financial statements for suspicious activity',
'Place fraud alerts on credit reports',
'Request free annual credit reports',
'Seek legal counsel for compensation eligibility'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Announcement'},
{'date_accessed': '2025-09-26',
'source': 'New Hampshire Attorney General Disclosure'}],
'regulatory_compliance': {'legal_actions': 'Potential lawsuits (investigation '
'ongoing by Shamis & Gentile P.A.)',
'regulatory_notifications': ['New Hampshire '
'Attorney General '
'(notified Sept. 26, '
'2025)']},
'response': {'communication_strategy': ['Mail notifications to impacted '
'individuals',
'Public disclosure via legal '
'investigation announcements',
'Advisories for credit monitoring and '
'fraud alerts'],
'incident_response_plan_activated': 'Yes (Investigation launched '
'post-discovery)',
'remediation_measures': ['Notification letters sent to affected '
'individuals (Sept. 2025)',
'Disclosure to New Hampshire Attorney '
'General (Sept. 26, 2025)',
'Offer of free credit monitoring '
'(TransUnion myTrueIdentity)']},
'stakeholder_advisories': ['Mail notifications to affected members',
'Public advisories via law firm investigations'],
'threat_actor': 'Unauthorized Actor (Unknown)',
'title': 'Superior Vision Services, Inc. and Versant Health, Inc. Data Breach '
'(2025)',
'type': 'Data Breach (Phishing Attack)'}