EyeMed Vision Care, LLC Details

    Organization Logo

    EyeMed Vision Care, LLC

    Mason, Ohio employees • Healthcare

    Industry

    Healthcare

    Security Incidents

    1

    EyeMed Vision Care, LLC is a leading vision benefits company in the United States, providing comprehensive eye care plans and services to individuals and organizations. As a part of the Luxottica Group, EyeMed offers access to an extensive network of eye care professionals and retailers, ensuring quality vision care and eyewear. The company's commitment to innovation and customer satisfaction has established it as a trusted name in the vision care industry.

    Security Incidents

    EyeMed Vision Care, LLC Breach of Jul 2020
    Severity Score
    Significant

    Type

    Phishing Attack

    Summary

    In July 2020, EyeMed Vision Care experienced a significant data breach when an unauthorized third party gained access to an email account used by the company. The breach, which was discovered on July 1, 2020, exposed sensitive information of approximately 2.1 million individuals, including names, contact details, dates of birth, Social Security numbers, and medical information. The compromised email account contained a large volume of personal data due to its use in communicating with patients and healthcare providers. EyeMed promptly notified affected individuals and offered credit monitoring...
    Show more

    Severity

    The breach was severe as it compromised the personal information of approximately 2.1 million consumers nationwide, including 98,632 in New York state. EyeMed Vision Care agreed to pay a penalty of $4.5 million for cybersecurity control failures that enabled the breach. The bad actor gained access to a shared email inbox containing sensitive data.

    Impact

    The breach impacted the personal information of 2.1 million individuals, with 98,632 New York state residents affected. EyeMed Vision Care had to pay a $600,000 settlement and implement security measures to address the breach. The exposure of consumers' non-public health data was a significant consequence of the incident.