Feds fine Warby Parker $1.5 million for failing to protect customer health data

Summary: Warby Parker has been fined $1.5 million by the Department of Health and Human Services following a credential stuffing attack in 2018 that compromised personal information of around 200,000 individuals. The Office for Civil Rights identified significant security failures at the company, including a lack of proper risk analysis and security measures regarding electronic personal health information. Although Warby Parker has faced previous smaller incidents, they have still not adequately assessed the risks to their health information as of September 2024.

Affected: Warby Parker

Key points:

  • Credential stuffing attack in 2018 compromised data of nearly 200,000 individuals.
  • Warby Parker failed to conduct a thorough risk analysis and implement necessary security measures.
  • The Department of Health and Human Services is updating HIPAA rules to include new cybersecurity regulations.

Source: https://therecord.media/feds-fine-warby-parker-health-data