Asheville Eye Associates Data Breach Settlement, Claim Up To $1,250 Plus Free Identity Monitoring By April 2026
If you received a data breach notification from Asheville Eye Associates after the November 2024 cyberattack, you can claim up to $1,250 in reimbursement, a $10 voucher for eyeglasses, and one year of free identity theft protection. The final approval hearing is scheduled for February 23, 2026.
Nearly 328,000 patients had their Social Security numbers, medical records, and personal health data stolen when the DragonForce ransomware group hacked Asheville Eye Associates’ systems in November 2024. The healthcare provider reached a class action settlement offering compensation and credit monitoring to all affected individuals.
What Happened In The Asheville Eye Associates Data Breach
On November 18, 2024, unauthorized hackers breached Asheville Eye Associates’ computer network and accessed sensitive patient data. The company discovered the intrusion on April 14, 2025—nearly five months after the attack occurred.
The DragonForce ransomware group claimed responsibility for the breach and posted approximately 540GB of stolen data, including patient names, email addresses, dates of birth, Social Security numbers, patient account numbers, diagnosis information, medical treatment details, and health insurance information.
For physicians and employees, the breach exposed even more: addresses, phone numbers, spouses’ names, driver’s licenses, passports, Social Security numbers, professional licenses, HR documents, and payment details.
The Settlement Explained
Asheville Eye Associates, PLLC agreed to a class action settlement that received preliminary approval from North Carolina Business Court on November 5, 2025. The settlement offers three categories of benefits to the approximately 327,756 affected individuals.
According to court documents, the settlement provides vouchers, out-of-pocket expense reimbursement, and identity theft protection services to all class members. Asheville Eye denies any wrongdoing but agreed to settle to avoid the costs and risks of continued litigation.
Like recent healthcare breaches including the Continuum Health Class Action Settlement Pays Up To $5,000—380,000 Patients’ Social Security Numbers And Medical Records Exposed, this case highlights how vulnerable patient data remains in healthcare systems.
Who Is Eligible To File A Claim
You qualify as a settlement class member if your personal health information (PHI) or personally identifiable information (PII) was compromised in the November 2024 Asheville Eye Associates data breach.
The settlement class includes up to 327,756 individuals who received breach notification letters from Asheville Eye Associates. If you were a patient at any of the company’s 10 Western North Carolina locations or an employee whose information was stored in their systems, you likely qualify.
Settlement Benefits Breakdown
$10 Eyeglass Voucher: All settlement class members automatically receive a $10 voucher for eyeglass purchases at any Asheville Eye location except 21 Medical Park Drive, Asheville, North Carolina, 28803. No claim form required—vouchers will be included with settlement notices and remain valid for one year.
Out-of-Pocket Expense Reimbursement: Up to $1,250 per person for documented, unreimbursed expenses directly caused by the data breach. Eligible expenses include bank fees (overdraft, card reissuance, late fees, over-limit fees), costs of credit reports or credit monitoring services purchased in response to the breach, professional fees to resolve identity theft issues, interest on payday loans due to card cancellation, and time spent addressing the breach.
Identity Theft Protection: All class members can enroll in one year of one-bureau Essential Monitoring. This service can be used alongside any credit monitoring Asheville Eye previously offered. The enrollment code will be provided in your settlement notice and remains valid for 90 days after notices are mailed.
Similar to the $4M Numotion Data Breach Data Breach Class Action Settlement Claim Up To $15,000 By March 18, 2026, documented losses receive priority reimbursement from the settlement fund.
Important Settlement Deadlines
Within 30 days after preliminary approval (November 5, 2025): Settlement notices mailed to all class members
60 days after notice deadline: Deadline to opt out or object to the settlement
60 days after notice deadline: Claim form submission deadline for out-of-pocket reimbursement
February 23, 2026: Final approval hearing at 10:00 a.m. before North Carolina Business Court
Approximately 45 days after final approval: Settlement benefits begin distribution (assuming no appeals)
How To File Your Claim
The settlement administrator, Kroll, will provide claim forms through the official settlement website https://aeadatasettlement.com Class members who received settlement notices will be able to submit claims online or by mail.
To claim out-of-pocket expense reimbursement up to $1,250, you must submit documentation proving your expenses are directly related to the data breach, occurred after November 18, 2024, and have not been reimbursed by another source. Acceptable documentation includes receipts, bank statements, invoices, or credit reports showing fraudulent activity.
The eyeglass voucher and identity theft protection enrollment code will be automatically sent to all class members—no claim form needed for these benefits.
What Documentation You Need
For the $1,250 reimbursement claim: Third-party documentation such as receipts for credit monitoring services, bank statements showing overdraft or late fees, invoices from identity theft resolution services, credit card statements proving unauthorized charges, or documentation of time spent resolving breach-related issues.
For identity theft protection: Just the enrollment code provided in your settlement notice. Valid for 90 days after notices are sent.
For the $10 eyeglass voucher: Nothing required—automatically included with your settlement notice.
Case Details And Settlement Administrator
Case Name: In Re: Asheville Eye Associates Data Incident Litigation
Court: North Carolina Business Court, Buncombe County
Settlement Administrator: Kroll
Class Counsel: Milberg Coleman Bryson Phillips Grossman PLLC
The settlement website https://aeadatasettlement.com/files/Asheville%20Eye%20Associates%20-%20Claim%20Form_v3.pdf . Class members can expect to receive settlement notices within 30 days of the November 5, 2025 preliminary approval date.
What Settlement Class Members Should Know
The breach exposed highly sensitive data. With Social Security numbers, medical diagnoses, and health insurance information all compromised, affected individuals face significant identity theft and medical fraud risks for years to come.
DragonForce is a known ransomware operation. This group has targeted multiple healthcare providers and typically publishes stolen data if ransom demands aren’t met. The 540GB of data reportedly stolen suggests comprehensive access to Asheville Eye’s systems.
Medical identity theft is particularly dangerous. Unlike credit card fraud, medical identity theft can result in incorrect information in your medical records, denied insurance claims, or bills for services you never received.
Similar healthcare breaches like the MHCC Class Action Lawsuit Settlement Approved, McLaren Health Care Data Breach Victims Can Claim Up To $5,000 Before April 2026 Hearing demonstrate that ransomware attacks on healthcare systems have become increasingly common and devastating.
Common Settlement Misconceptions
Myth: You need to prove identity theft occurred to get reimbursement.
Reality: You need documentation of unreimbursed expenses caused by the breach, which can include preventative measures like credit monitoring you purchased.
Myth: The settlement only covers patients.
Reality: Employees whose information was compromised in the breach are also included in the settlement class.
Myth: Free credit monitoring is worthless.
Reality: One year of credit monitoring with identity theft insurance provides valuable protection, especially since your Social Security number was exposed.
What To Do Right Now
Step 1: Locate your settlement notice. If you were affected by the breach, you should receive a notice by mail within 30 days of November 5, 2025.
Step 2: Gather documentation of any expenses related to the breach. This includes receipts for credit monitoring services, bank statements showing fees, or records of time spent dealing with identity theft issues.
Step 3: Watch for the official settlement website launch. The claim form will be available online once Kroll publishes the settlement website address.
Step 4: Enroll in the free identity theft protection using the code in your settlement notice. Don’t wait—enrollment codes expire 90 days after notices are sent.
Step 5: Monitor your credit reports and medical records for suspicious activity, even after filing your claim.
Where To Find Official Settlement Information
The official settlement website will be announced by Kroll Settlement Administration. Settlement class members will receive the website address in their settlement notices https://aeadatasettlement.com.
For questions about the settlement, contact the settlement administrator once contact information becomes available on the official settlement website.
Court documents are available through the North Carolina Business Court for case In Re: Asheville Eye Associates Data Incident Litigation.
For information on other active healthcare data breach settlements, check settlements currently accepting claims.
Frequently Asked Questions
What is the Asheville Eye Associates data breach settlement about?
The settlement resolves claims that Asheville Eye Associates failed to protect patient data during a November 2024 ransomware attack by DragonForce. The company agreed to provide vouchers, reimbursement up to $1,250, and one year of identity theft protection to affected individuals.
Who is eligible to claim from this settlement?
Anyone whose personal health information or personally identifiable information was compromised in the November 2024 Asheville Eye Associates data breach. The settlement class includes approximately 327,756 patients and employees who received breach notification letters.
What is the deadline to file a claim?
The claim deadline is 60 days after the notice deadline. Since preliminary approval was granted November 5, 2025, and notices must be sent within 30 days, the claim deadline is expected in early 2026.
How much money could I receive?
Up to $1,250 for documented out-of-pocket expenses, plus a $10 eyeglass voucher and one year of identity theft protection. The exact amount depends on your documented losses and the total number of claims submitted.
How do I file a claim?
The settlement administrator Kroll will provide an online claim form on the official settlement website. You can also submit a paper claim form https://aeadatasettlement.com/files/Asheville%20Eye%20Associates%20-%20Claim%20Form_v3.pdf
What documentation do I need to submit?
For reimbursement claims: receipts, bank statements, invoices, or credit reports proving expenses directly related to the breach. For identity theft protection: just the enrollment code from your settlement notice. The eyeglass voucher requires no documentation.
How long will it take to receive my payout?
Settlement benefits will be distributed approximately 45 days after the court grants final approval on February 23, 2026, assuming no appeals are filed. Most payments should arrive by spring 2026.
Last Updated: February 10, 2026
Disclaimer: This article provides general information about the Asheville Eye Associates data breach settlement and does not constitute legal advice. For specific questions about your eligibility or claim, contact the settlement administrator or consult a qualified attorney.
Have you been affected by a healthcare data breach? Learn about your rights and check other open class action settlements at AllAboutLawyer.com.
Stay informed, stay protected. — AllAboutLawyer.com
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah