MESVision experiences data breach stemming from MOVEit software vulnerability | Console and Associates, PC

On November 14, 2023, Medical Eye Services, Inc. filed (“MESVision”) a data breach notification to the Attorney General of Maine after discovering that MOVEit, a software program used by MESVision, contained a critical vulnerability that allowed hackers to access confidential data in the company’s possession. In this notice, MESVision explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names and social security numbers. After completing its investigation, MESVision began sending data breach notification letters to all individuals whose information was affected by the latest data security incident.

If you receive a data breach notification from Medical Eye Services, Inc., it is important that you understand what is at risk and what you can do about it. As we have discussed earlier posts, hackers can use your social security number to commit identity theft crimes and other fraud against victims. A data breach attorney can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options after the Medical Eye Services MOVEit data breach. For more information, please see our recent piece on the subject here.

What caused the data breach affecting medical eye services?

The Medical Eye Services data breach was only recently announced and more information is expected in the near future. However, MESVision’s filing with the Attorney General of Maine provides some important information about what led to the breach. According to this source, MESVision uses a file transfer program called MOVEit, which is a product of Progress Software. On August 23, 2023, MESVision learned that an unauthorized party was able to exploit a critical vulnerability in MOVEit, which gave them access to MESVision’s MOVEit server.

In response, MESVision took its MOVEit server offline and launched an investigation with the help of cybersecurity experts. This investigation ultimately confirmed that an unauthorized party accessed and removed certain files containing confidential consumer information between May 28, 2023 and May 31, 2023.

After discovering that sensitive consumer data was accessible to an unauthorized party, Medical Eye Services reviewed the compromised files to determine what information was leaked and which consumers were affected. Although the breached information varies by individual, it may include your name and social security number.

On November 14, 2023, Medical Eye Services sent data breach letters to everyone affected by the latest data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More information about Medical Eye Services, Inc.

Established in 1976, Medical Eye Services, Inc. is a vision care provider based in Santa Ana, California. MESVision provides vision care plans to thousands of employer groups and millions of plan members nationwide through healthcare organizations, insurance companies and self-funded employer groups. MESVision also offers direct-to-consumer plans. Medical Eye Services employs more than 53 people and generates approximately $11 million in annual revenue.