Irish Information Security Forum

Data Breach at Eyecare Tech Firm Ocuco

 

A Major Cybersecurity Incident in Eyecare Technology

A data breach at Ireland-based eyecare technology company Ocuco has impacted more than 240,000 individuals.

 

On April 1, 2025, cybercriminals, linked to the KillSec ransomware group, claimed to have stolen hundreds of gigabytes of data from Ocuco, including at least 670,000 files totaling 340 GB. The hackers listed Ocuco on their Tor-based leak website, publishing screenshots to support their claims. While the stolen data was reportedly exposed, it was not available for download at the time of reporting.


KillSec (the Kill ransomware group) is a relatively new but rapidly emerging ransomware group that first appeared publicly in late 2023. Initially presenting itself with hacktivist overtones, the group has since evolved into a full-fledged Ransomware-as-a-Service (RaaS) syndicate, offering tools and services to affiliates for launching cyberattacks. KillSec is known for its double-extortion tactics, where it not only encrypts victims' data but also threatens to leak it unless a ransom is paid. The group operates across multiple domains, including unauthorized penetration testing and open-source intelligence (OSINT) services, and is believed to have roots in Eastern Europe or Russia. Despite claiming to avoid critical infrastructure, KillSec has disproportionately targeted the healthcare sector, raising serious ethical and legal concerns. Its growing list of victims and sophisticated operations mark it as a significant threat in the global cybersecurity landscape.

 

Ocuco officially reported the breach to the U.S. Department of Health and Human Services (HHS) on May 30, 2025, confirming that protected health information (PHI) and personally identifiable information (PII) were compromised [3]. The company has begun notifying affected individuals and regulatory authorities.

 

Founded in 1993, Ocuco is a Dublin, Ireland-based provider of optical retail software, serving over 6,000 locations across 77 countries. The company offers patient relationship management software and laboratory management systems to optical retailers, eye hospitals, and optical labs worldwide.

 

Ocuco revealed that the breach was enabled by a newly discovered vulnerability in third-party software used on its non-production servers. The company stated that the vulnerability was not disclosed in a timely manner, allowing unauthorized access to sensitive files. Ocuco has since patched the vulnerability and implemented additional security measures to strengthen its cybersecurity posture.

 

The breach has prompted investigations and potential class-action lawsuits, with some law firms requesting information from affected individuals to assess legal action against Ocuco for failing to protect sensitive data.

 


References

SecurityWeek

www.classaction.org

straussborrelli.com

www.masonllp.com

www.claimdepot.com
