To follow up on a previous post, it seems Visionworks Inc. did have a second breach recently, and like the first one, it involved hardware that went missing after an upgrade. This one affected 48,000 customers in Jacksonville, FL.
In a statement posted on their site, Visionworks writes:
Statement on recent Visionworks privacy issue
SAN ANTONIO (Nov. 21, 2014) – Visionworks, Inc. recently learned of an incident that may involve personal information of individuals who have received services at the vision retail chain’s Mall of the Avenues, Jacksonville, Fl. location prior to September 26, 2014.
An extensive internal and external investigation to locate a missing database server, which was lost following a computer replacement upgrade, has recently been concluded. The server potentially held partially unencrypted protected health information belonging to approximately 48,000 of the store’s customers. All credit card information housed on the server was encrypted, and therefore should not be at risk. Customers’ exam information was not stored on the lost server.
While the location of the server is still undetermined, it was likely discarded by an employee. At this time, there is no reason to believe that any of the information residing on the server has been accessed or used inappropriately.
Nevertheless, in an abundance of caution, Visionworks is notifying the customers potentially affected by the incident and informing them of the associated personal risks. In addition, Visionworks will provide those customers with free credit monitoring for one year.
In resolving this issue, Visionworks will comply with the state and federal notification requirements as provided by the HITECH Act of 2009.
Visionworks members are asked to direct questions and concerns related to this issue to 1-888-790-9904.