Cohen’s Fashion Optical Data Breach Exposes Social Security Numbers and Financial Records

Retail data breach illustration
Breach Discovery: 28th October 2025Breach Notification: 19th February 2026

What Happened in the Cohen’s Fashion Optical Data Breach?

Cohen’s Fashion Optical, a well-known eyewear retailer headquartered in Garden City, New York, recently confirmed a data breach that exposed sensitive customer information. The Cohen’s Fashion Optical data breach came to light after a ransomware group known as Sinobi claimed responsibility for the attack. As a result, thousands of consumers may now be at risk of identity theft.

According to available records, Sinobi posted on the dark web on Oct. 28, 2025, announcing that it had breached Cohen’s Fashion Optical’s network. The group claimed to have accessed roughly 350 GB of company data. This included financial records, internal contracts, and incident documentation. Sinobi reportedly threatened to publish the stolen files within eight days unless its demands were met.

The attackers used ransomware, a form of malicious software that locks files and demands payment for their release. Because ransomware attacks often involve both encryption and data theft, this incident falls into that dual-threat category. Following the dark web posting, Cohen’s Fashion Optical launched an investigation to determine the scope of the intrusion and confirm exactly what information had been compromised.

On Feb. 19, 2026, the company formally disclosed the breach to the Massachusetts Office of Consumer Affairs and Business Regulation. This notification came nearly four months after Sinobi’s initial claim. As a result, affected individuals are now being informed of the exposure and the specific risks it presents.

Who was affected?

The Cohen’s Fashion Optical data breach appears to primarily affect the company’s customers. However, the full scope of affected individuals has not been publicly disclosed. Because Cohen’s Fashion Optical operates retail eyewear locations, the exposed population likely includes everyday consumers who purchased glasses, contacts, or related eyewear services.

In its filing with Massachusetts regulators, the company confirmed that 13 residents of that state were affected. Meanwhile, the total number of impacted consumers nationwide remains undisclosed. Given that Sinobi claimed to have stolen 350 GB of data, the true number of affected individuals could be significantly higher than what has been reported so far.

What Information Was Potentially Exposed?

The data exposed in this breach includes some of the most sensitive categories of personal information. Because Social Security numbers were confirmed as compromised, affected individuals face an elevated risk of long-term harm. The following data types have been confirmed or reported as part of the breach:

  • Social Security numbers
  • Financial records
  • Internal contracts
  • Incident documentation

Social Security numbers are particularly dangerous in the hands of criminals. Unlike a credit card number, a Social Security number cannot easily be changed or replaced. As a result, exposed individuals may face years of ongoing risk rather than a one-time incident.

Financial records add another layer of concern. Criminals often combine stolen financial data with Social Security numbers to open fraudulent accounts, file false tax returns, or apply for loans in a victim’s name. Because of this combination, affected consumers should treat this breach as a serious threat to their financial security.

What is the company doing?

In response to the breach, Cohen’s Fashion Optical launched an internal investigation to assess the extent of the intrusion. The company also filed formal notification with the Massachusetts Office of Consumer Affairs and Business Regulation, as required under state breach notification laws. This filing confirmed the exposure of Social Security numbers belonging to state residents.

Additionally, the company has advised affected individuals to remain alert for suspicious account activity. It has recommended that consumers monitor their credit reports and consider placing a fraud alert or credit freeze. While specific details about credit monitoring services have not been disclosed, affected individuals should watch for official notification letters that may include further guidance or protective offers.

What Should Affected Individuals Do?

Monitor Your Credit Reports Closely

Affected individuals should request copies of their credit reports from all three major credit bureaus. Because Social Security numbers were exposed, criminals could attempt to open new accounts using stolen identities. Regularly reviewing your credit report can help you catch unauthorized activity early.

You can obtain a free credit report weekly from each bureau through the official government-authorized website. In addition, consider setting up ongoing credit monitoring services if you notice any unusual entries. Early detection often makes the difference between a minor inconvenience and a prolonged identity theft ordeal.

Consider a Fraud Alert or Credit Freeze

Because Social Security numbers were confirmed exposed, placing a fraud alert or credit freeze is strongly advised. A fraud alert requires creditors to verify your identity before opening new accounts in your name. This extra step can prevent criminals from successfully using your stolen information.

A credit freeze goes further by restricting access to your credit file entirely. As a result, most lenders cannot approve new credit applications without you first lifting the freeze. While a freeze may create minor inconvenience when you apply for credit yourself, it offers powerful protection against identity thieves.

Stay Alert for Phishing Attempts

Following a data breach, scammers often use stolen information to craft convincing phishing emails or text messages. These messages may impersonate Cohen’s Fashion Optical, financial institutions, or government agencies. Because of this, you should never click on links or provide personal details in response to unsolicited messages.

Instead, verify any communication by contacting the organization directly through official channels. If you receive a suspicious message referencing this breach, report it to the Federal Trade Commission. Staying cautious can help you avoid becoming a victim of secondary scams tied to this incident.

Report Suspicious Activity Immediately

If you notice unfamiliar accounts, unauthorized charges, or unexpected credit inquiries, report them right away. You should contact your bank, credit card issuer, and the credit bureaus as soon as possible. Quick action can limit financial damage and help authorities track fraudulent activity.

In addition, consider filing a report with local law enforcement and the Federal Trade Commission’s identity theft website. These reports create an official record that may help you dispute fraudulent charges later. Because identity theft can take time to fully resolve, documentation is essential throughout the process.

Consult a Data Breach Attorney

Given that Social Security numbers were exposed, affected individuals may want to speak with a data breach attorney. An attorney can help determine whether you qualify for compensation through a potential class action lawsuit. Many attorneys offer free consultations to review your specific situation.

Furthermore, an attorney can help you understand your legal rights and any applicable deadlines for filing a claim. Because breach-related litigation often moves quickly, seeking guidance sooner rather than later is generally advisable. This step can help ensure you don’t miss out on potential compensation.



More Information

Official Notice from Cohensfashionoptical

Official Notice from Mass

Related Data Breaches