Eye Care Glasses Photo

EyeMed Vision Care Data Breach Lawsuit Settlement Reaches $5 Million

Millions of EyeMed vision customers can possibly open a breach settlement claim today.

  • Data Breach Lawsuit

Last Update

lawsuitlike
lawsuitlike
lawsuitlike

About the EyeMed Vision Care Settlement

 

EyeMed Vision Care has reached a $5 million settlement agreement over claims it failed to implement adequate data security measures.

 

The settlement resolves allegations stemming from an alleged June 2020 data breach that exposed the sensitive personal and medical information of up to 2.1 million vision insurance customers.

 

The breach allegedly occurred when an unauthorized third party gained access to employee email accounts through a phishing attack, potentially compromising years of stored customer data.

 

What Happened in the June 2020 Data Incident?

 

On June 24, 2020, an EyeMed employee reportedly fell victim to a sophisticated phishing email attack after allegedly and inadvertently providing access credentials to cybercriminals.

 

Slow response to breach

Plantiffs say the unauthorized access continued for seven days until July 1, 2020, when EyeMed's security team detected suspicious activity in the company’s email account server.

 

During this window, class plaintiffs say that threat actors sent approximately 2,000 phishing emails from the breached account and potentially accessed six years' worth of stored customer data.

 

Hacked account allegedly shared among employees 

An investigation later revealed that the compromised employee email account served as a shared mailbox used by nine EyeMed staff members for enrollment processing. 

 

This account contained extensive customer information dating back to 2014, protected only by what New York State's Department of Financial Services later described as "a weak password." 

 

While EyeMed denies any wrongdoing and maintains that it implemented reasonable security measures, the company agreed to pay $5 million to settle the class action lawsuit brought by affected customers in Tate v. EyeMed Vision Care LLC.

 

Personal Information Exposed in the Vision Care Privacy Breach

The scope of exposed data in this healthcare information lawsuit allegedly compromised medical and insurance records:

  • Full names and complete contact information
  • Dates of birth and Social Security numbers
  • Health insurance account numbers and identification codes
  • Medical diagnoses and treatment information
  • Medicaid and Medicare identification numbers
  • Driver's license numbers and other government-issued IDs

 

Plaintiffs argue that the combination of personal, financial, and medical data poses a significant risk of identity theft, insurance fraud, and medical identity theft, making comprehensive settlement benefits particularly important for affected individuals.

 

Cybersecurity Improvements Required by Settlement

As part of the settlement agreement, EyeMed Vision Care has agreed to implement substantial cybersecurity enhancements to prevent future data breaches. 

 

Improved servers and employee training

EyeMed will enhance network authorization requirements, ensuring stricter controls over who can access sensitive customer data. All EyeMed employees are also now required to complete mandatory security awareness training, with regular reminders about password complexity requirements. 

 

Better password protection 

Additionally, the company has updated its internal password reset procedures and implemented auditing mechanisms to identify and eliminate weak passwords across its systems.

 

EyeMed will also upgrade its multi-factor authentication protocols, making it significantly harder for unauthorized users to access accounts even with stolen credentials.

Who Can Possibly File an EyeMed Settlement Claim

Individuals must meet specific criteria established by the court to participate in this settlement:

  • Must be a U.S. resident.
  • Must have had personal information stored in the EyeMed Vision Care servers.
  • Must obtain a class member ID from the settlement administrator.

 

Some class members may have received an official data breach notification letter from EyeMed regarding the incident that occurred in June 2020. Breach notices may contain a unique class member ID that serves as a key to participating in the settlement. 

 

However, not receiving a breach notice doesn't disqualify EyeMed clients from possibly filing a claim. 

How to verify eligibility

Several resources exist to help customers in doubt obtain an EyeMed class member ID and confirm their eligibility status:

  • Contact Kroll Settlement Administration directly at (833) 621-8389 to obtain an ID number.
  • Visit www.eyemeddatasettlement.com and attempt to log in with any information you may have received.
  • Review your vision insurance records to confirm you were an EyeMed client during or before June 2020

 

Settlement administrators can search their records using names and addresses to determine if the customer is included in the class, even if they never received a breach notification.

 

Proposed EyeMed Settlement Compensation Structure

The most substantial compensation potentially available covers actual monetary losses directly attributable to the data breach. Eligible expenses must have incurred on or after June 24, 2020, and can include:

  • Unreimbursed losses from fraud or identity theft directly linked to the exposed data.
  • Professional fees paid to attorneys, accountants, or credit repair services.
  • Costs for credit monitoring services purchased after the breach.
  • Fees associated with freezing or unfreezing credit reports.
  • Bank charges for replacing compromised cards or closing fraudulent accounts.
  • Transportation expenses for trips to financial institutions to address fraud.
  • Miscellaneous costs, such as notary fees, postage, copying, and long-distance phone charges.

 

Documentation requirements include receipts, bank statements, invoices, or other proof showing the expenses resulted from the breach and haven't been reimbursed elsewhere.

 

Lost time agreement

Recognizing that dealing with a data breach consumes valuable time, the settlement provides possible compensation at $25 per hour for up to four hours spent addressing breach-related issues. 

 

This $100 maximum can cover time spent:

  • Reviewing bank and credit card statements for fraudulent charges.
  • Enrolling in credit monitoring or identity protection services.
  • Communicating with financial institutions about compromised accounts.
  • Filing police reports or completing identity theft affidavits.
  • Changing passwords and securing online accounts.

 

Claimants must attest that the time claimed was actually spent responding to the data incident, but detailed time logs aren't required.

 

Possible pro rata cash payment

Every eligible class member who submits a valid claim can potentially receive an equal share of the remaining settlement funds after the settlement administrator pays all benefits.

 

Attorneys for the plaintiffs estimate this payment may be approximately $50 per person, though the final amount depends on several factors.

 

How to Submit Your EyeMed Data Breach Claim

Online claim submission 

  1. Navigate to www.eyemeddatasettlement.com.
  2. Click on "File a Claim" or "Submit Claim Form"
  3. Enter the unique class member ID.
  4. Complete all required fields with accurate information.
  5. Upload supporting documentation for any expense reimbursement claims.
  6. Review submission for completeness and accuracy.
  7. Submit the claim and save the confirmation number.

 

Digital uploads of receipts, statements, and other proof can be attached directly to the claim, streamlining the review process.

 

Mail-in claim Option

  1. Download and print the PDF claim form from or call (833) 621-8389 to request one by mail.
  2. Fill out all sections completely using blue or black ink.
  3. Make copies of all supporting documentation.
  4. Include the class member ID on every page.
  5. Mail completed claim package to: Tate v EyeMed Vision Care LLC c/o Kroll Settlement Administration LLC P.O. Box 225391 New York, NY 10150-5391

 

Remember that mailed claims must be postmarked by December 11, 2025. Consider sending via certified mail to ensure delivery confirmation.

Important Dates and Deadlines

  • December 11, 2025: Final deadline to submit claims (postmark date for mailed claims).
  • January 7, 2026: Final Fairness Hearing at 1:00 p.m. ET.
  • Spring 2026: Estimated payment distribution (60+ days after final approval, pending appeals).

 

Missing the claim deadline means forfeiting the right to participate, regardless of your losses or eligibility status.

 

Learn more about this settlement 

Visit https://www.eyemeddatasettlement.com to check eligibility, obtain a class member ID, or learn more about the lawsuit.


Frequently Asked Questions (FAQ)

Yes, you can still file a claim even if you don't have your original notification letter. Contact Kroll Settlement Administration at (833) 621-8389 to verify your eligibility using your name and address. The settlement administrator can search their records to confirm if you're a class member and provide your unique class member ID needed to submit your claim online at www.eyemeddatasettlement.com.

 

No, participating in this settlement will not impact your current or future vision insurance coverage with EyeMed or any other provider. The settlement compensates you for potential harm from the June 2020 data breach and is entirely separate from your insurance benefits. You can continue to use your vision insurance as usual while pursuing your settlement claim.

 

The settlement caps individual compensation at $10,000 for all documented out-of-pocket expenses and lost time combined. If your actual losses exceed this amount, you'll receive the maximum $10,000 payment, plus the estimated $50 pro rata distribution. You cannot recover additional amounts through this settlement, though you retained the right to pursue separate legal action only if you opted out by November 11, 2025.

 

Yes, you can claim reimbursement for credit monitoring costs incurred from June 24, 2020 through the date you submit your claim. Include all receipts or bank statements showing these ongoing charges, even if the monitoring service continues beyond your claim submission date. The settlement acknowledges that data breach victims often require continuing monitoring to safeguard against identity theft.

This is an advertisement. OnlyClassActions is not a law firm or referral service, and we do not provide legal advice. OnlyClassActions provides a free service for individuals seeking legal representation, and we do not charge you to be connected with an attorney. We do not recommend or endorse any attorneys that pay to participate. OnlyClassActions utilizes a pool of attorneys in each jurisdiction, and attorneys are selected through a round-robin process without our evaluating your legal situation when selecting which attorney will receive your information. OnlyClassActions makes no representation about the quality of legal services or the qualifications of any attorney participating in our pool. Information you submit will be shared with third-party attorney(s). An attorney-client relationship is not formed when you submit information through the form. Hiring a lawyer is a critical decision and should not be predicated solely on comments, advertisements, or other content found on any website. You are under no obligation to retain a lawyer who contacts you through this service.

Add Comment