Medical Eye Services, Inc. (MESVision), a vision care provider headquartered in Santa Ana, California, disclosed a recent data breach due to a critical vulnerability in its software, MOVEit, utilized by the company. The breach resulted in unauthorized access to sensitive consumer data, including names and Social Security numbers.
MESVision reported the breach to the Attorney General of Maine on November 14, 2023, after discovering that an unauthorized party exploited a vulnerability in the MOVEit program, a product of Progress Software. This allowed access to MESVision’s MOVEit server. The breach occurred between May 28, 2023, and May 31, 2023.
Upon detecting the breach, MESVision promptly shut down its MOVEit server and conducted an investigation with cybersecurity experts. The investigation confirmed unauthorized access and removal of specific files containing confidential consumer information.
Following the breach, MESVision sent out data breach notification letters on November 14, 2023, to individuals affected by the incident. These letters detail the compromised information belonging to each victim.
Established in 1976, MESVision provides vision care plans to numerous employer groups and millions of plan members across the nation through various health care organizations, insurance carriers, and self-funded employer groups. Additionally, it offers direct-to-consumer plans. The company, with over 53 employees, generates an annual revenue of approximately $11 million.