EyeMed Vision Care LLC must pay a $4.5 million penalty to New York for an email data breach that exposed customer information in violation of the state’s cybersecurity regulation.
The company agreed to take steps toward better securing its data as part of a settlement with the New York State Department of Financial Services, the agency announced Tuesday.
A bad actor gained access to a shared EyeMed email account that contained more than six years’ worth of information on customers, including minors, following a July 2020 phishing attack, according to the department’s investigation.
The department found that EyeMed failed to ...