EyeMed Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In June 2020, EyeMed Vision Care, a prominent vision care insurer, experienced a data breach. The incident involved unauthorized access to an EyeMed email account, leading to the exposure of a substantial amount of personal information. This breach revealed weaknesses in EyeMed's data security measures and resulted in a significant financial settlement with multiple states. The event highlights the critical need for strong security protocols to protect sensitive information in the digital age.

How many accounts were compromised?

The breach impacted data related to over 2.1 million individuals.

What data was leaked?

The data exposed in the breach included names, contact information, dates of birth, health insurance account information, Social Security numbers, Medicare/Medicaid numbers, driver's license numbers, government ID numbers, birth/marriage certificates, medical diagnoses, and treatment information.

How was EyeMed hacked?

The unauthorized user gained access to an EyeMed email account through a phishing attack, which allowed them to access a shared inbox containing sensitive consumer information. The attacker then sent approximately 2,000 phishing emails from the compromised account, exposing six years of personal and medical data for over 2.1 million individuals.

EyeMed's solution

In response to the hacking incident, EyeMed took several measures to enhance its security and prevent future breaches. These actions included developing and maintaining a written information security program in compliance with state consumer protection laws and HIPAA, implementing updated security protocols, and maintaining controls to manage account access. Additionally, EyeMed is required to report all data breaches immediately, continue to employ an officer in charge of the information security program, and address the security deficiencies identified during the multi-state audit and the New York report.

How do I know if I was affected?

EyeMed has notified customers believed to be affected by the breach. If you're an EyeMed customer and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for all accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on your accounts whenever possible. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective service providers.

For more specific help and instructions related to EyeMed's data breach, please contact EyeMed's support directly.

Where can I go to learn more?

If you want to find more information on the EyeMed data breach, check out the following news articles:
