[BreachExchange] Optometry Group to Pay $3.5M Settlement in Data Breach Case

Destry Winant destry at riskbasedsecurity.com
Tue Mar 26 10:14:42 EDT 2019


https://invisionmag.com/optometry-group-to-pay-3-5m-settlement-in-data-breach-case/

The National Board of Examiners in Optometry plans to allot $3.25
million in a cash settlement fund to compensate approximately 61,000
victims of an alleged data breach that hit the profession nearly three
years ago, the American Optometric Association reports.

The class action settlement also outlines steps NBEO will take to
upgrade its data security practices. Chief U.S. District Judge James
K. Bredar of Maryland gave preliminary approval to the settlement on
March 7.

In 2016, large numbers of optometry students and optometrists across
the country began reporting identity theft, particularly stolen Social
Security numbers and other personal information used to apply for
Chase Amazon Visa credit cards, AOA explains. Following the breach,
optometrists filed actions against NBEO claiming the targeted
information was available and maintained by the organization as a
requirement for certifying exams and credentialing.

NBEO still disputes that it was the source of the breach.

The court agreed to deem eligible anyone whose personal information
was stored in NBEO’s systems as of Nov. 15, 2018, or anyone receiving
a legal notice stating they are a class member. A final approval
hearing is set for July 12.

The $3.25 million will be used to provide benefits for:

- Reimbursement for documented, traceable out-of-pocket losses (up to $7,500).
- Reimbursement for time spent remedying issues related to the alleged
breach (up to $1,000).
- Free credit monitoring services.
- Free identity restoration services.

NBEO agreed to pay additional administrative costs, fees and service
awards related to the settlement.

Also, NBEO “plans to retain an independent security firm to conduct a
written risk assessment of the board’s data security, encrypt
exam-takers’ personal information, and discontinue storage of
nine-digit SSNs in its electronic databases, per a legal notice,” AOA
reports.

