ANNAPOLIS, Md.—Visionworks is notifying as many as 75,000 of the national retail chain’s customers that it has learned of an incident that may involve personal information of individuals who received services at its Jennifer Square, Annapolis, Md., location.

An investigation is currently underway to locate a missing database server that potentially held unencrypted protected health information, which was replaced on June 2, 2014, during scheduled upgrades, according to a statement last week from the San Antonio-based company. While the location of the server has yet to be determined, it is believed to have been sent to one of the store’s local landfills along with other miscellaneous garbage. At this time, there is no reason to believe that any of the information on the server has been accessed or used inappropriately, according to the company statement.

All credit card information housed on the server was encrypted, and therefore should not be at risk, the statement said, but in an abundance of caution the company will provide as many as 75,000 of the store’s customers with free credit monitoring for one year. In resolving this issue, Visionworks stated that it will comply with the state and federal notification requirements as provided by the HITECH Act of 2009.