EyeMed Breach - June 2020 and July 2020Date: June 2020

EyeMed is an Ohio-based vision insurance provider. It works with companies and individuals looking for insurance.

What Was the Breach?

The breach was unauthorized access to 2.1 million individuals’ non-public information (NPI). The hack lasted a week; in this time, the hacker could access more than six years’ worth of NPI, resulting in widespread panic. The information taken in the initial hack made it possible for the hacker to start another attack less than a month after their first. Notifications were not sent to affected parties until September 2020, three months after the first breach.

How Did the Breach Occur?

The breach occurred when a bad actor gained access to an employee’s email and used that access for personal gain. Not even a month after the initial breach, the hacker used the previously stolen email and sent out thousands of phishing attacks.

When Did This Breach Occur?

This breach occurred in June 2020 and then again in July 2020.

Who Does the Breach Impact?

The breach impacts a surprisingly small number of EyeMed customers. The insurers have over 62 million customers, which means that only about three percent of customers were affected by this breach.

How Many Files Does the Breach Affect?

The breach affected 2.1 million files. While the number may seem incredibly large, one must remember that many violations have had tens of millions of victims. The biggest data breach in history was a Yahoo! breach that affected 3 billion users.


Recent Breaches

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address