Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
EyeMed data breach fine overview:
- Who: EyeMed Vision Care LLC will pay $4.5 million to the New York Department of Financial Services (DFS) to settle claims it breached state cybersecurity rules.
- Why: The DFS found the company breached state cybersecurity rules before a 2020 hack that exposed hundreds of thousands of consumers’ personal data.
- Where: The settlement is in New York.
EyeMed Vision Care LLC will pay $4.5 million to the New York Department of Financial Services (DFS) to settle claims it breached state cybersecurity rules before a 2020 hack that exposed hundreds of thousands of consumers’ personal data.
On Oct. 18, the settlement was approved and signed by the DFS Superintendent of Financial Services Adrienne A. Harris in New York.
The DFSis the insurance regulator of New York, responsible for ensuring the safety of New York’s insurance industry and promoting the reduction and elimination of fraud, abuse, and unethical conduct with respect to insurance licensees.
EyeMed is a vision services health insurance company.
According to the department’s investigation, a cyberattacker was able to access six years’ worth of sensitive data in a July 2020 phishing hack of EyeMed Vision Care.
It said the health insurance company violated DFS’ Cybersecurity Regulation for not using multifactor authentication throughout its email network.
EyeMed also failed to sufficiently limit internal access to the email mailbox breached in the attack by allowing nine employees to share login credentials to the affected platform, and failed to dispose of data in an appropriate timeline, the DFS investigation found.
“Had these controls been in place, the July 1, 2020, cybersecurity event could have been prevented or been limited in scope,” it said.
EyeMed breach exposed sensitive data of consumers, investigation found
The 2020 breach exposed the sensitive health data of hundreds of thousands of consumers, including the data of minors, DFS said.
As a result of the investigation, EyeMed has agreed to “conduct a comprehensive cybersecurity risk assessment” and an action plan to make sure the company is protected against breaches in the future.
“This settlement demonstrates DFS’s ongoing commitment to protecting consumers while ensuring the safety and soundness of financial institutions from cyber threats,” Superintendent Harris said in a statement.
Meanwhile, in February, Allergan agreed to pay nearly $30 million to resolve class action claims it used anti-competitive tactics to raise the price of Restasis eye drops.
Were you affected by the EyeMed data breach? Let us know what you think of this settlement in the comments!
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
6 thoughts onEyeMed fined $4.5M following data breach
If it’s not too late please add me! My spouse and I had Eyemed
Add me
Please add me.I have had EyeMed for about 10 plus years.
We have had Eyemed for many years.
I’ve had EyeMed from 2014 to present!!!
If it goes back 6 years then I was affected by Eyemed breach.