In June 2020, EyeMed Vision Care LLC experienced a **data breach** caused by an unauthorized third party, compromising sensitive personal and protected health information (PHI) of customers. The exposed data included names, contact details, dates of birth, health insurance account numbers, Medicaid/Medicare numbers, driver’s licenses, and other government-issued identification numbers. The breach led to a **$5 million class-action settlement**, with affected individuals eligible for compensation of up to **$10,000** for out-of-pocket losses, lost time (up to $100), and pro rata cash payments (estimated $50). The lawsuit alleged EyeMed failed to implement adequate cybersecurity measures, resulting in potential identity theft, fraud, and financial harm to victims. While EyeMed denied wrongdoing, the settlement was agreed upon to avoid prolonged litigation. The incident underscored significant risks to customer privacy and trust, with long-term reputational and financial repercussions for the company.
Source: https://www.claimdepot.com/settlements/eyemed-data-settlement
TPRM report: https://www.rankiteo.com/company/eyemed-vision-care
{
  "id": "eye5994859100225",
  "linkid": "eyemed-vision-care",
  "type": "Breach",
  "date": "6/2020",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Class members (U.S. residents '
                                              'notified of the breach)',
                        'industry': 'Healthcare',
                        'location': 'United States',
                        'name': 'EyeMed Vision Care LLC',
                        'type': 'Healthcare (Vision Care)'}],
 'customer_advisories': 'Class members instructed to file claims by Dec. 11, '
                        '2025, via online form or mail (Kroll Settlement '
                        'Administration)',
 'data_breach': {'data_exfiltration': 'Yes (unauthorized access by third '
                                      'party)',
                 'personally_identifiable_information': ['Names',
                                                         'Contact details',
                                                         'Dates of birth',
                                                         'Health insurance '
                                                         'account numbers',
                                                         'Health insurance '
                                                         'identification '
                                                         'numbers',
                                                         'Medicaid/Medicare '
                                                         'numbers',
                                                         'Driver’s licenses',
                                                         'Government '
                                                         'identification '
                                                         'numbers'],
                 'sensitivity_of_data': 'High (PII and PHI)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2020-06',
 'description': 'EyeMed Vision Care LLC experienced a data breach in June '
                '2020, exposing sensitive personal and protected health '
                'information of customers. The breach resulted from '
                'unauthorized third-party access, allegedly due to inadequate '
                'data security measures. EyeMed agreed to a $5 million class '
                'action settlement to resolve claims related to the incident.',
 'impact': {'brand_reputation_impact': 'Negative (settlement and public '
                                       'disclosure)',
            'customer_complaints': 'Class action lawsuit filed',
            'data_compromised': ['Names',
                                 'Contact details',
                                 'Dates of birth',
                                 'Health insurance account numbers',
                                 'Health insurance identification numbers',
                                 'Medicaid/Medicare numbers',
                                 'Driver’s licenses',
                                 'Government identification numbers'],
            'financial_loss': '$5,000,000 (settlement fund)',
            'identity_theft_risk': 'High (PII and PHI exposed)',
            'legal_liabilities': "$5,000,000 settlement, attorneys' fees "
                                 "($1,666,666.66), attorneys' expenses "
                                 '($50,000), service awards ($7,500)'},
 'investigation_status': 'Settled (class action lawsuit)',
 'post_incident_analysis': {'corrective_actions': 'Settlement agreement (no '
                                                  'specific technical '
                                                  'remediation details '
                                                  'disclosed)',
                            'root_causes': 'Alleged failure to implement '
                                           'adequate data security measures'},
 'references': [{'source': 'Class Action Settlement Notice (Tate v. EyeMed '
                           'Vision Care LLC)'}],
 'regulatory_compliance': {'legal_actions': 'Class action lawsuit settled for '
                                            '$5,000,000'},
 'response': {'communication_strategy': 'Class action settlement notices sent '
                                        'to affected individuals'},
 'stakeholder_advisories': 'Settlement notices sent to affected class members',
 'threat_actor': 'Unauthorized third party',
 'title': 'EyeMed Vision Care Data Breach (June 2020)',
 'type': 'Data Breach'}