Wolfe Eye Clinic discloses data breech, says hackers may have accessed confidential customer data

Emma McClatchey/Little Village

Wolfe Eye Clinic disclosed on Tuesday it had experienced a data breech earlier this year in which the personal information of its customers may have been stolen.

“On February 8, 2021, Wolfe Eye Clinic was the target of a cybersecurity attack that involved an unauthorized third party attempting to gain access to our computer network,” the Marshalltown-based company, which has 20 locations around Iowa — including one in Iowa City and one in Hiawatha — said in a statement posted on its site. “Upon detecting this incident, we moved quickly to secure our network environment and launched a thorough investigation.”

Wolfe did not specify in its statement when it learned of the breech, but did say that because of “the complexity and scale of the cyberattack detected, the full scope of information potentially impacted was not fully realized until May 28, 2021.”

According to the company the “comprehensive forensic investigation into this incident concluded on June 8,” and it determined the customer information accessed during the breech “may include their name, mailing address, date of birth and Social Security number; and … it may also include protected medical and health information.”

In its statement, the company said it takes “the security of all information in our control very seriously.”

“Given this, we are taking steps to prevent a similar event from occurring in the future by implementing additional safeguards and enhanced security measures to better protect the privacy and security of information in our systems. Out of an abundance of caution, we are also notifying all potentially affected individuals and have begun mailing letters to everyone whose information may have been compromised because of this incident.”

Wolfe said it has hired IDX, a software company that specializes in data security, “to provide identity monitoring, at no cost, to affected individuals for twelve (12) months to help relieve concerns and restore confidence following this incident.”

More information about the monitoring program is available through IDX’s site or by calling 833-909-3906.

Earlier this month, hackers shut down Des Moines Area Community College’s computer systems in a ransomware attack. DMACC had to cancel classes for two and a half weeks while it attempted to remove all hackers’ malicious software from its system. Appearing on Iowa Press last weekend, DMACC President Rob Denson said it did not appear any accounts had been compromised in the attack, and the college did not pay the ransom demanded. Denson said DMACC’s insurance company “is talking with the threat actor” who claimed responsibility for the attack, but the college isn’t a party to those talks.

In August 2019, Hy-Vee disclosed it had a months-long data breech in 2018 and 2019, during which hackers accessed the credit and debit card information from millions of customer transactions at its fuel pumps, drive-thru coffee shops, and restaurants (Market Grilles, Market Grille Expresses and its Wahlburgers locations). Information from that breech was later discovered for sale online.

In October 2019, a class action lawsuit was filed against Hy-Vee alleging the theft of customer information was “the inevitable result of Hy-Vee’s inadequate data security measures and cavalier approach to data security.” Hy-Vee settled the case in January of this year, before beginning the discovery phase of the lawsuit, during which the company could have been compelled to produce documents and company officials could have been questioned under oath.

Thoughts? Tips? A cute picture of a dog? Share them with LV »


Iowa City Book Festival

Oct. 18-24

A celebration of books, writing and ideas

Find Out More


Summer Programs 2020

Get 150+ local restaurants delivered to your door in the Iowa City & Cedar Rapids areas!

The Future is Unwritten

You look to Little Village for today’s stories. Your sustaining support will help us write tomorrow’s.


$10/mo or $120/year
The cost of doing this work really adds up! Your contribution at this level will cover telephone and internet expenses for one month at the LV editorial offices.


$20/mo or $240/year
$240 is enough to cover one month’s costs for sending out our weekly entertainment newsletter, The Weekender. Make a contribution at this level to put a little more oomph on your support and your weekend.


$30/mo or $360/year
(AUTO-RENEW) connects eastern Iowa culture with the world. Your contribution at this level will cover the site’s hosting costs for three months. A bold move for our boldest supporters!

All monthly and annual contributors receive:

  • Recognition on our Supporters page (aliases welcome)
  • Exclusive early access when we release new half-price gift cards
  • Access to a secret Facebook group where you can connect with other supporters and discuss the latest news and upcoming events (and maybe swap pet pics?) with the LV staff
  • Invitations to periodic publisher chats (held virtually for now) to meet with Matt and give him a piece of your mind, ask your burning questions and hear more about the future plans for Little Village, Bread & Butter Magazine, Witching Hour Festival and our other endeavors.