On May 16, 2023, New Jersey Attorney General Matthew J. Platkin announced EyeMed Vision Care reached a $2.5 million settlement with New Jersey, Oregon, and Florida following a 2020 data breach. During the 2020 breach, approximately 2.1 million people’s personal and medical information was compromised. “The multistate investigation found deficiencies in EyeMed’s data security program that contributed to the breach in violation of state consumer protection and personal information protection laws and the federal Health Insurance Portability and Accountability Act (“HIPAA”),” Platkin wrote in the press release. Several EyeMed employees were also found to be sharing one password to an email account used to “communicate sensitive consumer information, including information related to vision benefits enrollment and coverage, to EyeMed clients.” In June 2020, an unauthorized user accessed the EyeMed email account and exposed about six years’ worth of information, including: Additionally, EyeMed Vision Care also agreed to pay a $4.5 million penalty to New York State in October 2022 for Department of Financial Services (DFS) violations related to the same 2020 breach.