On May 30, 2025, Ocuco, Inc. (“Ocuco”) filed a breach notification with the U.S. Department of Health and Human Services (HHS) advising that Ocuco had experienced a data breach. According to Ocuco, cybercriminals infiltrated its inadequately secured computer systems through a successful ransomware attack. The investigation further determined that, through this infiltration, cybercriminals potentially accessed and stole files containing the sensitive personal information of 240,961 individuals.
Initial investigations indicate the breach likely occurred on April 1, 2025, when attackers from the ransomware group KillSec infiltrated Ocuco’s network. According to KillSec’s claims on the dark web, over 340 GB of data, including 670,344 files and 26,838 folders, were exfiltrated during the attack.
As a result of the Ocuco data breach, the affected individuals’ personal and highly confidential information may be in the hands of cybercriminals who can place the information for sale on the dark web or use the information to perpetrate identity fraud.
Murphy Law Firm is investigating claims on behalf of all individuals whose personal and confidential information was potentially compromised in the data breach. We are evaluating legal options, including a potential class action lawsuit, to recover damages for individuals who were affected by the Ocuco data breach.