EyeMed on the hook for $600K after 2.1M record breach

Vision-coverage benefits provider EyeMed has agreed to pay $600,000 to the New York State Attorney General following a data breach in 2020 that affected 2.1 million US residents. The breach resulted from an attacker gaining access to an EyeMed email account for a week, allowing them to view personal information dating back six years. EyeMed failed to meet legal requirements to protect customer information, including implementing multi-factor authentication and proper password management. The company must now enact measures to protect consumer information and permanently delete personal data when necessary.