Ocuco Ltd. Data Breach (2025)

A data breach involving eye care technology provider Ocuco Ltd. has potentially compromised the personal and health information of customers who received eye exams or purchased eyewear at SpecSavers in Kelowna. The breach, which occurred between March 28 and April 1, 2025, stemmed from a vulnerability in third-party software used by Ocuco, a company that provides software services for optical retailers. Ocuco confirmed in a notification letter that it had not been made aware of the software vulnerability in time to prevent unauthorized access. As a result, a ransomware group accessed the information of 240,961 patients in U.S. and Canada. A law firm investigating the breach says data leaked on the dark web affected customers of eye care providers SpecSavers and Costco as well as U.S. firms HoustonEye, Kaiser, Mayo Clinic and Optos. A customer in Kelowna received the official breach notification related to SpecSavers this week. The customer tells Castanet exposed data may include: Full name Contact information Date of birth Gender Personal health number Prescription details Health insurance information The company says that no payment or credit card information was accessed. As a precaution, Ocuco is offering 24 months of complimentary credit monitoring and identity protection services through TransUnion Canada to all affected individuals."