The eyewear retailer Warby Parker was hit with a $1.5 million fine by the Department of Health and Human Services on Thursday following a credential stuffing attack in 2018 that compromised the personal information of nearly 200,000 people.