A $3.45 million settlement was proposed to resolve a combined class action lawsuit associated with a data breach at USV Optical, a U.S. Vision subsidiary. The 2021 data breach impacted over 710,000 people, which included 73,073 Nationwide Optometry patients and 637,999 Sightcare members.
As a HIPAA business associate, U.S. Vision offers administrative services to Sightcare (Nationwide-Sightcare), Nationwide Vision Center, and Nationwide Optometry. On May 12, 2021, USV Optical identified suspicious activity within its system.
Based on the investigation findings, hackers accessed USV Optical’s email systems and computer network from April 20, 2021 to May 17, 2021. Potentially compromised information included full names, birth dates, addresses, taxpayer ID numbers, Social Security numbers, driver’s license numbers, financial account data, health and/or treatment data, prescription drugs, medical insurance data, and billing and claims data.
Three class action lawsuits were combined into one lawsuit. The U.S. Vision Data Breach Litigation was filed in the U.S. District Court for the District of New Jersey. The lawsuits claimed an inability to sufficiently protect sensitive information and give prompt and precise notices to the impacted persons. The breach was discovered in September 2021; but personal notifications were sent to the impacted persons on October 2022.
The plaintiffs asserted to have sustained injuries because of the data breach which included out-of-pocket costs, loss of the advantage of their bargains, emotional problems, and they had to expend time resolving the data breach and securing themselves against the improper use of their sensitive information. The lawsuits claimed negligence, breach of fiduciary duty, negligence per se, unjust enrichment,
breach of implied contract, and asserted violations of the Oklahoma Consumer Protection Act and the Arizona Consumer Fraud Act.
The settlement proposal takes care of all claims against Nationwide-Sightcare. The settlement doesn’t cover USV Optical, Inc. and U.S. Vision, Inc. and settles no claims against those organizations. Nationwide-Sightcare stands by its claims of no wrongdoing and rejects all allegations in the lawsuit; nevertheless, it was decided to end the legal action to prevent more legal expenses and the uncertainty of trial.
As per the conditions of the settlement, class members will get some benefits. All class members can file a claim to receive two years of free 3-bureau credit and identity theft monitoring services and cash for documented and undocumented expenditures accrued due to the data breach. Or, they can opt to claim a cash amount that is paid pro rata after paying legal expenses, lawyer’s fees, and claims. The cash payment is estimated to be approximately $50 per claimant.
Class members who opt to file a claim for losses as a result of the data breach can claim as much as $5,400, which could include claims of around $300 for recorded ordinary costs, and costs and expenditures handling identity theft and fraud and preventative steps such as buying credit monitoring services. As much as $5,000 can be claimed as a refund for recorded extraordinary expenditures, like losses to identity theft and fraud, and around $100 can be claimed for unrecorded lost time valued at $25 an hour.
The last day to file an objection to and exclusion from the proposed settlement is on August 23, 2024. Claims should be filed on or before September 23, 2024. The schedule of the final approval hearing is on October 15, 2024.
Photo credits: Mongta Studio, AdobeStock
