Content

Notification Regarding the EyeMed Data Breach

Notification Regarding the EyeMed Data Breach

Nippon Life Insurance Company of America® (‘Nippon Life Benefits®’ or ‘we’) takes its privacy and security obligations seriously and is steadfast in its commitment to the protection of the confidential information of its customers. As such, we want to inform you of a data breach on the part of our vision administrator, EyeMed, that may involve some of your personal information. EyeMed is under contract with Nippon Life Benefits to provide its insureds with access to the EyeMed vision network and, because of the services they provide, may have had access to your personal information as described below.

Written notice of this breach will be provided by EyeMed, on behalf of Nippon Life Benefits, to individuals whose information may have been exposed. Not all Nippon Life Benefits insureds were impacted – 644 current and former insureds with vision coverage were affected. However, as a component of our mitigation efforts, we are providing this notice in the event certain individual breach notification letters mailed to affected individuals are unsuccessfully delivered or returned due to outdated contact information. We are also providing this notice so that impacted insureds may take steps to protect themselves from potential harm resulting from this breach prior to their receipt of a breach notification letter.

What Happened?

On July 1, 2020, EyeMed discovered that an unauthorized individual gained access to an EyeMed email mailbox and sent phishing emails to email addresses contained in the mailbox’s address book. On the same day, EyeMed promptly blocked the unauthorized individual’s access to the mailbox and secured the mailbox. As a general matter, the mailbox contained information (see below) about current and former recipients of EyeMed vision benefits, including certain Nippon Life Benefits’ current and former insureds.

On the evening of September 28, 2020, we received notification from EyeMed regarding the incident generally, but were not aware of whether it affected any of our current or former membership. On September 29, 2020 – less than 24 hours after EyeMed’s notification to us - Nippon Life Benefits convened its Incident Response Team (“IRT”). The IRT reviewed and analyzed available information from EyeMed in order to identify steps for protecting the personal information of any impacted Nippon Life Benefits’ customers.

On October 16, 2020, EyeMed confirmed that the incident impacted certain Nippon Life Benefits’ current and former insureds. Accordingly, to ensure that we are taking every conceivable measure to protect the confidentiality of each impacted insureds’ personal information, we are providing this notice concurrent with individual notification letters to affected Nippon Life Benefits’ insureds.

What Information Was Involved?

EyeMed’s investigation determined that personal information of participants accessed included: full name, address, date of birth, phone number, email address, vision insurance account/identification number, health insurance account/identification number and, other government identification number. For some individuals, partial or full social security numbers and/or financial information were implicated.

What is EyeMed Doing?

On the same day it discovered the incident, EyeMed blocked the unauthorized individual’s access to the mailbox and secured the mailbox. EyeMed then launched a comprehensive investigation into the incident and hired a cybersecurity firm to assist in its efforts. To help prevent something like this from happening again, EyeMed has taken action to enhance the protections that were already in place before the incident. Among other actions, EyeMed has implemented additional security measures for authorized access to its network and is providing additional security awareness training. EyeMed will also continue to cooperate with Nippon Life Benefits and federal & state regulators as appropriate.

What You Can Do

If you were impacted by this breach, you will be mailed a breach notification letter to the address that we have on file. For more information regarding this incident, including whether your personal information may have been affected by this incident, and to learn about the complimentary (credit monitoring) services that EyeMed has arranged for affected consumers, please contact Eyemed at: 888-974-0076.

Or – you may reach out to us directly by calling the following:

800-374-1835 – English

800-971-0638 – Japanese

877-827-8713 – Korean

Steps You Can Take to Further Protect Your Information

As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, including your state attorney general and the Federal Trade Commission (FTC). To file a complaint with the FTC, go to IdentityTheft.gov or call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC's Identity Theft Data Clearinghouse, which is a database made available to law enforcement agencies.

Contact information for the three nationwide credit reporting companies is as follows:

Equifax Experian TransUnion
1-800-685-111
P.O. Box 740256
Atlanta, GA 30348
www.equifax.com
888-397-3742
P.O. Box 4500
Allen, TX 75013
www.experian.com
800-916-8800
P.O. Box 2000
Chester, PA 19016
www.transunion.com

 

Free Credit Report. We remind you to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity.  You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies.  To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228.  You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available from the U.S. Federal Trade Commission’s (“FTC”) website at www.consumer.ftc.gov).

Medical Privacy. We recommend that you regularly review the explanation of benefits statements that you receive from Nippon Life Benefits. If you see any service that you believe you did not receive, please contact Nippon Life Benefits at the number on the statement. You may want to order copies of your credit reports and check for any medical bills that you do not recognize. If you find anything suspicious, call the credit reporting agency at the phone number on the report. Keep a copy of this notice for your records in case of future problems with your medical records. You may also want to request a copy of your medical records from your provider, to serve as a baseline.

Fraud Alert. You may place a fraud alert in your file by calling one of the three nationwide credit reporting agencies above. A fraud alert tells creditors to follow certain procedures, including contacting you before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. Pursuant to the Economic Growth, Regulatory Relief, and Consumer Protection Act, you may place a fraud alert on your file free of charge. Additional information is available at http://www.annualcreditreport.com

Security Freeze. In some US states, you have the right to put a security freeze on your credit file. A security freeze (also known as a credit freeze) makes it harder for someone to open a new account in your name. It is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to apply for a new credit card, wireless phone, or any service that requires a credit check. You must separately place a security freeze on your credit file with each credit reporting agency. To place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement, or insurance statement. There is no charge to request a security freeze or to remove a security freeze.

Federal Trade Commission and State Attorneys General Offices. If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your home state. You may also contact these agencies for information on how to prevent or avoid identity theft. You may contact the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, D.C. 20580, www.ftc.gov/bcp/edu/microsites/idtheft/, 1-877-IDTHEFT (438-4338).

Take Advantage of Additional Free Resources on Identity Theft
We recommend that you review the tips provided by the Federal Trade Commission's Consumer Information website, a valuable resource with some helpful tips on how to protect your information. Additional information is available at https://www.consumer.ftc.gov/topics/privacy-identity-online-security

For more information, please visit IdentityTheft.gov or call 1-877-ID-THEFT (877-438-4338). A copy of Identity Theft – A Recovery Plan, a comprehensive guide from the FTC to help you guard against and deal with identity theft, can be found on the FTC's website at https://www.consumer.ftc.gov/articles/pdf-0009_identitytheft_a_recovery_plan.pdf

Our website uses anonymized Google analytics. The only personal information we collect from this tool is the general location from where you access our website. To find out more about Google anonymization please click here. For more information on our data collection tools, processes and procedures refer to our privacy statement which can be found here. Accept