Texas-based eye care services provider Visionworks is notifying as many as 75,000 customers who received services at its Jennifer Square location in Annapolis, MD that an investigation is underway to locate a missing database server potentially containing their personal information.
How many victims? As many as 75,000.
What type of personal information? Partially unencrypted protected health information and encrypted credit card information.
What happened? A database server containing the personal information went missing after being replaced during scheduled upgrades.
What was the response? An investigation is currently underway to locate the missing database server. All potentially impacted individuals are being notified, and offered a free year of credit monitoring services.
Details: The database server was replaced on June 2, and is believed to have been sent to one of the store's local landfills along with other miscellaneous refuse. The server potentially held partially unencrypted protected health information. Credit card information was encrypted and is not believed to be at risk.
Quote: “At this time, there is no reason to believe that any of the information residing on the server has been accessed or used inappropriately,” according to the notification posted to the Visionworks website.
Source: visionworks.com, “Statement on recent Visionworks privacy issue,” Nov. 10, 2014.