Cyber Incident Victim: Eyemart Express, LLC
Date: Aug 2020
Location: United States of America
Summary
Eyemart Express experienced a cyberattack that compromised certain email accounts; its internal medical and billing systems were not affected. The unauthorized access exposed limited personal information (names, email addresses, and appointment- or order-related subject lines) for a small group of customers. The company sent individual notifications to those customers and also informed all customers broadly, because additional data in the email accounts could have been exposed. A dedicated helpline was established for inquiries, and there is no evidence of impact beyond the initially identified scope.
Description
On August 21, 2020, an unauthorized actor gained access to certain email accounts belonging to Eyemart Express, LLC, a nationwide eyewear retailer operating under additional brands including Eyewear Express, Vision 4 Less, and Visionmart Express. The intrusion remained undetected until December 11, 2020, when the company discovered the breach and immediately initiated containment measures to halt further unauthorized access. Eyemart Express launched a thorough investigation that determined the attacker accessed limited personal information for a small subset of customers. The compromised data consisted exclusively of names, email addresses, and the subject lines of email communications between the company and affected individuals. These subject lines pertained to routine operational matters such as eye exam appointment reminders and eyeglass order status updates. The investigation confirmed that the breach did not extend to Eyemart Express’ internal systems housing medical records or billing information, limiting the exposure of sensitive health or financial data.

Following the investigation, Eyemart Express issued individual notification letters to all customers whose information was confirmed as compromised during the incident. While no evidence indicated broader impact beyond the initially identified group, the company acknowledged the theoretical possibility that the attacker could have accessed additional personal information within the breached email accounts. As a precautionary transparency measure, Eyemart Express published a general breach notice in local media outlets on March 21, 2021, alerting all customers to the incident despite the limited confirmed scope. The company established a dedicated toll-free call center (855-654-0481), operational Monday through Friday during Central Time business hours, to address customer inquiries. Eyemart Express emphasized that it maintained service across its 200+ retail locations throughout the incident response period. It did not disclose specific technical details regarding attack vectors, containment methodologies, or forensic investigation partners. The breach timeline spanned nearly four months from initial intrusion to detection, with public notification occurring approximately three months after discovery.
