EyeMed Vision Care, LLC, was the victim of a hacking incident in 2020 that compromised the personal information of 2.1 million consumers, including their names, addresses, Social Security numbers, member numbers of health and vision insurance accounts, diagnoses, and treatment information. According to the New York Attorney General’s office, 98,632 of those individuals were state residents.

Following the data breach, the NY AG’s office started an investigation and alleged that EyeMed violated New York state law by not protecting the sensitive information. EyeMed has settled with the NY AG for $600,000 and has agreed to implement a “comprehensive information security program.”