EVC
Company Details
Linkedin ID:
eyemed-vision-care
Website:
Employees number:
612
Number of followers:
16,351
NAICS:
524
Industry Type:
Homepage:
eyemed.com
IP Addresses:
0
Company ID:
EYE_4290134
Scan Status:
In-progress
EyeMed Vision Care Company CyberSecurity Posture
eyemed.com
EyeMed Vision Care is a leader in vision insurance benefits. We deliver stand-out vision benefits centered around an outstanding member experience. EyeMed boasts America’s largest vision network with a diverse network of independent ODs, retail and online providers. No wonder 99% of clients agree we deliver value, that’s why nearly 98% of EyeMed members use their benefits in network. EyeMed is a Top-Tier Partner of the OneSight EssilorLuxottica foundation, a registered charitable organization that helps create access to vision care for people in need globally. EyeMed is based in Cincinnati, Ohio. Learn more at eyemed.com
EyeMed Vision Care A.I CyberSecurity Scoring
EVC Risk Score (AI oriented)Between 600 and 649
EVC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
EVC Global Score (TPRM)XXXX
EVC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
EVC Company CyberSecurity News & History
Past Incidents
4
Attack Types
1
EyeMed
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On December 11, 2020, the California Office of the Attorney General reported a data breach involving Aetna, which occurred on June 24, 2020. The unauthorized access involved an EyeMed email mailbox, and while specific numbers of affected individuals are not stated, personal information related to EyeMed's vision benefits may have been compromised.
EyeMed Vision Care
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In 2020, EyeMed Vision Care suffered a **phishing email breach** where hackers accessed a shared inbox used by nine employees for enrollment processing. The compromised email, protected only by a weak password, contained **six years of sensitive customer data**, including personal and potentially financial information. The breach impacted **up to 2.1 million individuals** nationwide, though the class action settlement covered ~692,154 members. Regulatory fines and settlements have cost EyeMed **over $12.6 million**, including a $5M class action payout, $4.5M to New York’s DFS, $600K to the NY AG, and $2.5M to four other states. The company also faced mandatory security upgrades, including **MFA enhancements, password audits, HIPAA risk assessments, and reduced email retention periods**. The breach exposed customers to potential fraud, identity theft, and financial losses, with class members eligible for compensation up to $10,000 for documented damages. EyeMed denied wrongdoing but agreed to settlements to resolve negligence and compliance violation claims.
EyeMed Vision Care LLC
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: In June 2020, EyeMed Vision Care LLC experienced a **data breach** caused by an unauthorized third party, compromising sensitive personal and protected health information (PHI) of customers. The exposed data included names, contact details, dates of birth, health insurance account numbers, Medicaid/Medicare numbers, driver’s licenses, and other government-issued identification numbers. The breach led to a **$5 million class-action settlement**, with affected individuals eligible for compensation of up to **$10,000** for out-of-pocket losses, lost time (up to $100), and pro rata cash payments (estimated $50). The lawsuit alleged EyeMed failed to implement adequate cybersecurity measures, resulting in potential identity theft, fraud, and financial harm to victims. While EyeMed denied wrongdoing, the settlement was agreed upon to avoid prolonged litigation. The incident underscored significant risks to customer privacy and trust, with long-term reputational and financial repercussions for the company.
EyeMed Vision Care LLC
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Maine Office of the Attorney General reported a data breach involving EyeMed Vision Care LLC on November 30, 2020. The breach occurred between June 24, 2020, and July 1, 2020, exposing personal information, including Social Security Numbers, of approximately 2,329,942 individuals, with 23,057 residents affected. Notification to consumers was provided on September 28, 2020.
EVC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for EVC
Incidents vs Insurance Industry Average (This Year)
No incidents recorded for EyeMed Vision Care in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for EyeMed Vision Care in 2025.
Incident Types EVC vs Insurance Industry Avg (This Year)
No incidents recorded for EyeMed Vision Care in 2025.
Incident History — EVC (X = Date, Y = Severity)
EVC cyber incidents detection timeline including parent company and subsidiaries
EVC Company Subsidiaries
EyeMed Vision Care is a leader in vision insurance benefits. We deliver stand-out vision benefits centered around an outstanding member experience. EyeMed boasts America’s largest vision network with a diverse network of independent ODs, retail and online providers. No wonder 99% of clients agree we deliver value, that’s why nearly 98% of EyeMed members use their benefits in network. EyeMed is a Top-Tier Partner of the OneSight EssilorLuxottica foundation, a registered charitable organization that helps create access to vision care for people in need globally. EyeMed is based in Cincinnati, Ohio. Learn more at eyemed.com
Loading...
EVC Similar Companies
Vienna Insurance Group (VIG)
Vienna Insurance Group (VIG) is the leading insurance group in the entire Central and Eastern European (CEE) region. More than 50 insurance companies and pension funds in 30 countries form a Group with a long-standing tradition, strong brands and close customer relations. Around 30,000 employees in
Life Insurance Corporation of India
The Life Insurance Corporation of India (LIC) is a state-owned Life Insurance Company of India. Founded in 1956, it operates as a Government-Owned Corporation, headquartered in Mumbai, Maharashtra, and is a key player in the life insurance sector in India. LIC offers a wide range of insurance produ
Blue Cross Blue Shield of Michigan
Blue Cross Blue Shield of Michigan is a nonprofit corporation and an independent licensee of the Blue Cross and Blue Shield Association. BCBSM's commitment to Michigan is what differentiates it from other health insurance companies doing business in the state. That mission has never changed. Nea
Groupama
« Etre là pour les autres, j'ai décidé d'en faire mon métier. » Portée par nos 32 000 collaborateurs, notre campagne de communication employeur souligne ce qui nous rassemble et nous rend fiers au quotidien : notre métier, le point de départ de belles histoires, humaines avant tout. Cette campagne
Gallagher, a global insurance brokerage, risk management, and consulting firm, serves communities around the globe, helping clients address risk, protecting assets, and recovering from losses. The products and services we provide keep businesses and institutions running, and enable individuals and f
Zurich Insurance
Zurich Insurance Group (Zurich) is a leading global multi-line insurer founded more than 150 years ago, which has grown into a business serving more than 75 million customers in more than 200 countries and territories, while delivering industry-leading total shareholder returns. Our customers includ
GREAT EASTERN
Established in 1908, Great Eastern places customers at the heart of everything we do. Our legacy extends beyond our products and services to our culture, which is defined by our core values and how we work. As champions of Integrity, Initiative and Involvement, our core values act as a compass, guid
Sedgwick
Sedgwick is the world’s leading risk and claims administration partner, helping clients thrive by navigating the unexpected. The company’s expertise, combined with the most advanced AI-enabled technology available, sets the standard for solutions in claims administration, loss adjusting, benefits ad
State Farm
At State Farm®, our mission is to help people manage the risks of everyday life, recover from the unexpected, and realize their dreams. We are passionate and driven to create possibilities, and we’re serious about helping customers by providing solutions for all of life’s moments. Like a good neighb
.png)
EVC CyberSecurity News
August 18, 2025 07:00 AM
State reaches $2M settlement with dental insurer over cybersecurity violations
The state has reached a settlement with a major dental insurance provider over what the state claimed was shoddy cybersecurity that exposed...
May 18, 2023 07:00 AM
EyeMed Vision Care Reaches $2.5M Settlement Over Multistate Data Breach
Vision insurer EyeMed Vision Care reached a $2.5 million settlement following a 2020 data breach that impacted 2.1 million individuals.
November 09, 2022 08:00 AM
New York Financial Services' EyeMed Settlement Emphasizes Risk Assessments, Email Controls
The New York Department of Financial Services' settlement with EyeMed emphasizes the importance of cybersecurity risk assessments.
October 24, 2022 07:00 AM
NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
New York State Department of Financial Services NYDFS announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for...
October 20, 2022 07:00 AM
EyeMed fined $4.5M following data breach
EyeMed Vision Care LLC will pay $4.5M to the New York Department of Financial Services (DFS) to settle claims it breached state...
October 19, 2022 07:00 AM
New York State Fines EyeMed $4.5 Million for Phishing Attack and 2.1M-Record Data Breach
The New York State Department of Financial Services (DFS) has agreed to settle an investigation of EyeMed Vision Care (EyeMed) into...
October 19, 2022 07:00 AM
EyeMed fined $4.5M over cybersecurity lapses that led to breach
EyeMed Vision Care agreed to pay $4.5 million as part of a settlement with the New York State Department of Financial Services for...
February 08, 2022 08:00 AM
New York SHIELD Act $600,000 settlement
The New York Attorney General (AG) announced a settlement with vision-benefits-provider EyeMed Vision Care, Inc., relating to a 2020 security incident.
February 07, 2022 08:00 AM
New York Attorney General's Office's Recent EyeMed Investigation Highlights Need To Meet Expanded Data Privacy Standards Of New York's SHIELD Act
The New York Attorney General's Office issued findings of its investigation into a data security incident involving EyeMed Vision Care LLC.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
EVC CyberSecurity History Information
Official Website of EyeMed Vision Care
The official website of EyeMed Vision Care is http://www.eyemed.com.
EyeMed Vision Care’s AI-Generated Cybersecurity Score
According to Rankiteo, EyeMed Vision Care’s AI-generated cybersecurity score is 619, reflecting their Poor security posture.
How many security badges does EyeMed Vision Care’ have ?
According to Rankiteo, EyeMed Vision Care currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does EyeMed Vision Care have SOC 2 Type 1 certification ?
According to Rankiteo, EyeMed Vision Care is not certified under SOC 2 Type 1.
Does EyeMed Vision Care have SOC 2 Type 2 certification ?
According to Rankiteo, EyeMed Vision Care does not hold a SOC 2 Type 2 certification.
Does EyeMed Vision Care comply with GDPR ?
According to Rankiteo, EyeMed Vision Care is not listed as GDPR compliant.
Does EyeMed Vision Care have PCI DSS certification ?
According to Rankiteo, EyeMed Vision Care does not currently maintain PCI DSS compliance.
Does EyeMed Vision Care comply with HIPAA ?
According to Rankiteo, EyeMed Vision Care is not compliant with HIPAA regulations.
Does EyeMed Vision Care have ISO 27001 certification ?
According to Rankiteo,EyeMed Vision Care is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of EyeMed Vision Care
EyeMed Vision Care operates primarily in the Insurance industry.
Number of Employees at EyeMed Vision Care
EyeMed Vision Care employs approximately 612 people worldwide.
Subsidiaries Owned by EyeMed Vision Care
EyeMed Vision Care presently has no subsidiaries across any sectors.
EyeMed Vision Care’s LinkedIn Followers
EyeMed Vision Care’s official LinkedIn profile has approximately 16,351 followers.
NAICS Classification of EyeMed Vision Care
EyeMed Vision Care is classified under the NAICS code 524, which corresponds to Insurance Carriers and Related Activities.
EyeMed Vision Care’s Presence on Crunchbase
No, EyeMed Vision Care does not have a profile on Crunchbase.
EyeMed Vision Care’s Presence on LinkedIn
Yes, EyeMed Vision Care maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/eyemed-vision-care.
Cybersecurity Incidents Involving EyeMed Vision Care
As of November 27, 2025, Rankiteo reports that EyeMed Vision Care has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
EyeMed Vision Care has an estimated 14,863 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at EyeMed Vision Care ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
What was the total financial impact of these incidents on EyeMed Vision Care ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $17.60 million.
How does EyeMed Vision Care detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with class action settlement notices sent to affected individuals, and incident response plan activated with yes (post-breach), and third party assistance with yes (third-party hipaa security risk assessment), and containment measures with shortened email retention period, containment measures with enhanced mfa, containment measures with password policy updates, and remediation measures with security awareness training, remediation measures with audit mechanisms for weak passwords, remediation measures with third-party risk assessment, and communication strategy with class-action settlement notifications, communication strategy with regulatory disclosures (hhs, state ags)..
Incident Details
Can you provide details on each incident ?
Title: Aetna Data Breach
Description: Unauthorized access to an EyeMed email mailbox potentially compromising personal information related to vision benefits.
Date Detected: 2020-12-11
Date Publicly Disclosed: 2020-12-11
Type: Data Breach
Attack Vector: Email Mailbox
Title: EyeMed Vision Care LLC Data Breach
Description: The Maine Office of the Attorney General reported a data breach involving EyeMed Vision Care LLC on November 30, 2020. The breach occurred between June 24, 2020, and July 1, 2020, exposing personal information, including Social Security Numbers, of approximately 2,329,942 individuals, with 23,057 residents affected. Notification to consumers was provided on September 28, 2020.
Date Detected: 2020-11-30
Date Publicly Disclosed: 2020-09-28
Type: Data Breach
Title: EyeMed Vision Care Data Breach (June 2020)
Description: EyeMed Vision Care LLC experienced a data breach in June 2020, exposing sensitive personal and protected health information of customers. The breach resulted from unauthorized third-party access, allegedly due to inadequate data security measures. EyeMed agreed to a $5 million class action settlement to resolve claims related to the incident.
Date Detected: 2020-06
Type: Data Breach
Threat Actor: Unauthorized third party
Title: EyeMed Email Breach Settlement
Description: Vision care benefits firm EyeMed agreed to pay $5 million to settle class action litigation involving a 2020 phishing email data breach. The incident, which exposed sensitive customer data from a shared email inbox, has already cost the company over $12.6 million in regulatory fines and settlements across multiple states. The breach affected up to 2.1 million consumers nationwide, with 692,154 class members identified in the settlement. Security improvements mandated include enhanced MFA, password policies, HIPAA risk assessments, and third-party audits.
Date Detected: 2020-09
Date Publicly Disclosed: 2020-09
Type: Data Breach
Attack Vector: Phishing (compromised shared email inbox with weak password)
Vulnerability Exploited: Weak PasswordLack of MFAProlonged Email Retention (6+ years)Shared Inbox Access
Motivation: Financial Gain (data exfiltration for fraud/identity theft)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing email (compromised shared inbox).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach EYE413072525
Data Compromised: Personal information
Systems Affected: Email Mailbox
Incident : Data Breach EYE248072725
Data Compromised: Social security numbers
Incident : Data Breach EYE5994859100225
Financial Loss: $5,000,000 (settlement fund)
Data Compromised: Names, Contact details, Dates of birth, Health insurance account numbers, Health insurance identification numbers, Medicaid/medicare numbers, Driver’s licenses, Government identification numbers
Customer Complaints: Class action lawsuit filed
Brand Reputation Impact: Negative (settlement and public disclosure)
Legal Liabilities: $5,000,000 settlement, attorneys' fees ($1,666,666.66), attorneys' expenses ($50,000), service awards ($7,500)
Identity Theft Risk: High (PII and PHI exposed)
Incident : Data Breach EYE4802448100725
Financial Loss: $12.6M+ (regulatory fines, settlements, and litigation costs)
Data Compromised: Personal data, Sensitive customer information
Systems Affected: Shared Employee Email Inbox (enrollment processing)
Brand Reputation Impact: High (multiple regulatory actions and class-action lawsuit)
Legal Liabilities: $12.6M+ (fines: $4.5M NY DFS, $600K NY AG, $2.5M 4-state AG, $5M class-action)
Identity Theft Risk: High (personal data exposed)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $4.40 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, , Social Security Numbers, , Personally Identifiable Information (Pii), Protected Health Information (Phi), , Personal Data, Enrollment Information, Sensitive Customer Records and .
Which entities were affected by each incident ?
Incident : Data Breach EYE413072525
Entity Name: Aetna
Entity Type: Health Insurance Company
Industry: Healthcare
Incident : Data Breach EYE248072725
Entity Name: EyeMed Vision Care LLC
Entity Type: Company
Industry: Healthcare
Customers Affected: 2329942
Incident : Data Breach EYE5994859100225
Entity Name: EyeMed Vision Care LLC
Entity Type: Healthcare (Vision Care)
Industry: Healthcare
Location: United States
Customers Affected: Class members (U.S. residents notified of the breach)
Incident : Data Breach EYE4802448100725
Entity Name: EyeMed Vision Care
Entity Type: Healthcare (Vision Care Benefits Provider)
Industry: Healthcare
Location: Ohio, USA
Customers Affected: 2.1 million (nationwide); 692,154 (class members); 1.47 million (HHS report); 98,632 (New York residents)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach EYE5994859100225
Communication Strategy: Class action settlement notices sent to affected individuals
Incident : Data Breach EYE4802448100725
Incident Response Plan Activated: Yes (post-breach)
Third Party Assistance: Yes (third-party HIPAA security risk assessment)
Containment Measures: Shortened email retention periodEnhanced MFAPassword policy updates
Remediation Measures: Security awareness trainingAudit mechanisms for weak passwordsThird-party risk assessment
Communication Strategy: Class-action settlement notificationsRegulatory disclosures (HHS, state AGs)
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (post-breach).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Yes (third-party HIPAA security risk assessment).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach EYE413072525
Type of Data Compromised: Personal information
Incident : Data Breach EYE248072725
Type of Data Compromised: Social security numbers
Number of Records Exposed: 2329942
Sensitivity of Data: High
Incident : Data Breach EYE5994859100225
Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi)
Sensitivity of Data: High (PII and PHI)
Data Exfiltration: Yes (unauthorized access by third party)
Personally Identifiable Information: NamesContact detailsDates of birthHealth insurance account numbersHealth insurance identification numbersMedicaid/Medicare numbersDriver’s licensesGovernment identification numbers
Incident : Data Breach EYE4802448100725
Type of Data Compromised: Personal data, Enrollment information, Sensitive customer records
Number of Records Exposed: 2.1 million (max estimate)
Sensitivity of Data: High (6+ years of customer data)
Data Exfiltration: Yes
Data Encryption: No (data stored in unencrypted email inbox)
File Types Exposed: EmailsAttachments (enrollment documents)
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Security awareness training, Audit mechanisms for weak passwords, Third-party risk assessment, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by shortened email retention period, enhanced mfa, password policy updates and .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach EYE5994859100225
Legal Actions: Class action lawsuit settled for $5,000,000
Incident : Data Breach EYE4802448100725
Regulations Violated: HIPAA, California State Laws (e.g., CCPA), New York Financial Services Law (23 NYCRR 500),
Fines Imposed: $12.6M+ ($4.5M NY DFS, $600K NY AG, $2.5M 4-state AG, $5M class-action)
Legal Actions: Class-action lawsuit (settled 2026-01-07), NY DFS Consent Order (2022-10), NY AG Settlement (2022-01), 4-State AG Settlement (2023-05),
Regulatory Notifications: HHS (2020-09)State AGs (NY, NJ, FL, PA, OR)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit settled for $5,000,000, Class-action lawsuit (settled 2026-01-07), NY DFS Consent Order (2022-10), NY AG Settlement (2022-01), 4-State AG Settlement (2023-05), .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach EYE4802448100725
Lessons Learned: Shared inboxes with weak passwords are high-risk targets for phishing., Prolonged data retention increases exposure in breaches., MFA and password policies must be enforced rigorously in healthcare., Regulatory non-compliance (e.g., HIPAA) amplifies financial and reputational damage.
What recommendations were made to prevent future incidents ?
Incident : Data Breach EYE4802448100725
Recommendations: Implement strict MFA for all email accounts, especially shared inboxes., Enforce password complexity and rotation policies with audits., Limit data retention periods to minimize breach impact., Conduct regular HIPAA security risk assessments with third-party auditors., Segment networks to isolate sensitive data (e.g., enrollment systems)., Train employees on phishing awareness and incident reporting.Implement strict MFA for all email accounts, especially shared inboxes., Enforce password complexity and rotation policies with audits., Limit data retention periods to minimize breach impact., Conduct regular HIPAA security risk assessments with third-party auditors., Segment networks to isolate sensitive data (e.g., enrollment systems)., Train employees on phishing awareness and incident reporting.Implement strict MFA for all email accounts, especially shared inboxes., Enforce password complexity and rotation policies with audits., Limit data retention periods to minimize breach impact., Conduct regular HIPAA security risk assessments with third-party auditors., Segment networks to isolate sensitive data (e.g., enrollment systems)., Train employees on phishing awareness and incident reporting.Implement strict MFA for all email accounts, especially shared inboxes., Enforce password complexity and rotation policies with audits., Limit data retention periods to minimize breach impact., Conduct regular HIPAA security risk assessments with third-party auditors., Segment networks to isolate sensitive data (e.g., enrollment systems)., Train employees on phishing awareness and incident reporting.Implement strict MFA for all email accounts, especially shared inboxes., Enforce password complexity and rotation policies with audits., Limit data retention periods to minimize breach impact., Conduct regular HIPAA security risk assessments with third-party auditors., Segment networks to isolate sensitive data (e.g., enrollment systems)., Train employees on phishing awareness and incident reporting.Implement strict MFA for all email accounts, especially shared inboxes., Enforce password complexity and rotation policies with audits., Limit data retention periods to minimize breach impact., Conduct regular HIPAA security risk assessments with third-party auditors., Segment networks to isolate sensitive data (e.g., enrollment systems)., Train employees on phishing awareness and incident reporting.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Shared inboxes with weak passwords are high-risk targets for phishing.,Prolonged data retention increases exposure in breaches.,MFA and password policies must be enforced rigorously in healthcare.,Regulatory non-compliance (e.g., HIPAA) amplifies financial and reputational damage.
References
Where can I find more information about each incident ?
Incident : Data Breach EYE413072525
Source: California Office of the Attorney General
Date Accessed: 2020-12-11
Incident : Data Breach EYE248072725
Source: Maine Office of the Attorney General
Date Accessed: 2020-11-30
Incident : Data Breach EYE5994859100225
Source: Class Action Settlement Notice (Tate v. EyeMed Vision Care LLC)
Incident : Data Breach EYE4802448100725
Source: Information Security Media Group (ISMG)
Incident : Data Breach EYE4802448100725
Source: NY DFS Consent Order (2022-10)
Incident : Data Breach EYE4802448100725
Source: NY AG Settlement (2022-01)
Incident : Data Breach EYE4802448100725
Source: 4-State AG Settlement (NJ, FL, PA, OR; 2023-05)
Incident : Data Breach EYE4802448100725
Source: HHS Breach Report (2020-09)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2020-12-11, and Source: Maine Office of the Attorney GeneralDate Accessed: 2020-11-30, and Source: Class Action Settlement Notice (Tate v. EyeMed Vision Care LLC), and Source: Information Security Media Group (ISMG), and Source: NY DFS Consent Order (2022-10), and Source: NY AG Settlement (2022-01), and Source: 4-State AG Settlement (NJ, FL, PA, OR; 2023-05), and Source: HHS Breach Report (2020-09).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach EYE5994859100225
Investigation Status: Settled (class action lawsuit)
Incident : Data Breach EYE4802448100725
Investigation Status: Closed (settlements finalized; final court hearing on 2026-01-07)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Class action settlement notices sent to affected individuals, Class-Action Settlement Notifications, Regulatory Disclosures (Hhs and State Ags).
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach EYE5994859100225
Stakeholder Advisories: Settlement notices sent to affected class members
Customer Advisories: Class members instructed to file claims by Dec. 11, 2025, via online form or mail (Kroll Settlement Administration)
Incident : Data Breach EYE4802448100725
Stakeholder Advisories: Class-Action Settlement Notices, Regulatory Filings (Hhs, State Ags).
Customer Advisories: Breach notifications (2020)Settlement claims process (up to $10,100 per affected individual)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Settlement notices sent to affected class members, Class members instructed to file claims by Dec. 11, 2025, via online form or mail (Kroll Settlement Administration), Class-Action Settlement Notices, Regulatory Filings (Hhs, State Ags), Breach Notifications (2020), Settlement Claims Process (Up To $10,100 Per Affected Individual) and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach EYE4802448100725
Entry Point: Phishing email (compromised shared inbox)
High Value Targets: Customer Enrollment Data, Pii,
Data Sold on Dark Web: Customer Enrollment Data, Pii,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach EYE5994859100225
Root Causes: Alleged failure to implement adequate data security measures
Corrective Actions: Settlement agreement (no specific technical remediation details disclosed)
Incident : Data Breach EYE4802448100725
Root Causes: Weak Password On Shared Email Inbox, Lack Of Mfa, Excessive Data Retention (6+ Years), Inadequate Hipaa Compliance (Risk Assessments),
Corrective Actions: Enhanced Mfa And Password Policies, Third-Party Hipaa Security Risk Assessment, Reduced Email Retention Periods, Mandatory Security Awareness Training, Audit Mechanisms For Weak Passwords,
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Settlement agreement (no specific technical remediation details disclosed), Enhanced Mfa And Password Policies, Third-Party Hipaa Security Risk Assessment, Reduced Email Retention Periods, Mandatory Security Awareness Training, Audit Mechanisms For Weak Passwords, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized third party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2020-12-11.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2020-09.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, , Social Security Numbers, , Names, Contact details, Dates of birth, Health insurance account numbers, Health insurance identification numbers, Medicaid/Medicare numbers, Driver’s licenses, Government identification numbers, , Personal Data, Sensitive Customer Information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Email Mailbox and Shared Employee Email Inbox (enrollment processing).
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Shortened email retention periodEnhanced MFAPassword policy updates.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Medicaid/Medicare numbers, Social Security Numbers, Personal Data, Sensitive Customer Information, Driver’s licenses, Personal Information, Health insurance account numbers, Health insurance identification numbers, Dates of birth, Contact details and Government identification numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 2.1M.
Regulatory Compliance
What was the highest fine imposed for a regulatory violation ?
Highest Fine Imposed: The highest fine imposed for a regulatory violation was $12.6M+ ($4.5M NY DFS, $600K NY AG, $2.5M 4-state AG, $5M class-action).
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit settled for $5,000,000, Class-action lawsuit (settled 2026-01-07), NY DFS Consent Order (2022-10), NY AG Settlement (2022-01), 4-State AG Settlement (2023-05), .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Regulatory non-compliance (e.g., HIPAA) amplifies financial and reputational damage.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Implement strict MFA for all email accounts, especially shared inboxes., Conduct regular HIPAA security risk assessments with third-party auditors., Segment networks to isolate sensitive data (e.g., enrollment systems)., Limit data retention periods to minimize breach impact., Train employees on phishing awareness and incident reporting. and Enforce password complexity and rotation policies with audits..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are NY AG Settlement (2022-01), Information Security Media Group (ISMG), Maine Office of the Attorney General, 4-State AG Settlement (NJ, FL, PA, OR; 2023-05), California Office of the Attorney General, Class Action Settlement Notice (Tate v. EyeMed Vision Care LLC), HHS Breach Report (2020-09) and NY DFS Consent Order (2022-10).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Settled (class action lawsuit).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Settlement notices sent to affected class members, Class-action settlement notices, Regulatory filings (HHS, state AGs), .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Class members instructed to file claims by Dec. 11, 2025, via online form or mail (Kroll Settlement Administration), Breach notifications (2020)Settlement claims process (up to $10 and100 per affected individual).
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Phishing email (compromised shared inbox).
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Alleged failure to implement adequate data security measures, Weak password on shared email inboxLack of MFAExcessive data retention (6+ years)Inadequate HIPAA compliance (risk assessments).
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Settlement agreement (no specific technical remediation details disclosed), Enhanced MFA and password policiesThird-party HIPAA security risk assessmentReduced email retention periodsMandatory security awareness trainingAudit mechanisms for weak passwords.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=eyemed-vision-care' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
