Preview Newsletter
NBEO Scan
-
Developing story: ODs targeted for credit fraud
Aug 2, 2016 | Optometry Times
By Staff
Optometrists and optometry students are receiving unsolicited Chase Amazon credit cards in the mail. In addition, optometrists and students have been notified of fraud alerts by credit monitoring services. -
Optometrists and Optometric Students Are Targets of Far-Reaching Data Breach
Aug 5, 2016 | Vision Monday
By Staff
Optometrists and optometry students nationwide are being targeted in a far-reaching data breach involving Chase Amazon credit cards. Reports of the breach began surfacing this week from ODs and students who have received unsolicited Chase Amazon credit cards in the mail. Some say they have been notified of fraud alerts by credit monitoring services after suspected cyberattackers tried to open up accounts in cardholders’ names. -
American Optometric Association Warns Optometrists of Credit Fraud Risk
Aug 11, 2016 | HIPPA Journal
By Staff
The American Optometric Association (AOA) has warned optometrists and students to take steps to reduce the risk of credit damage and fraud. -
Lawsuit faults NBEO over data breach
Aug 31, 2016 | American Optometric Association
By Staff
A new lawsuit seeks to implicate the National Board of Examiners in Optometry (NBEO) in an ongoing data breach affecting untold numbers of optometry students and doctors. -
Optometrists Sue Over Data Breach
Sep 2, 2016 | Invision Magazine
By Staff
Nine optometrists and a student have filed a lawsuite against the National Board of Examiners in Optometry in connection with a data breach that has affected the profession, the American Optometric Association reports. -
AOA Calls for Change, Federal Investigation Following Data Breach (Press Release)
Oct 19, 2016 | Eyewire
In light of an ongoing data breach affecting optometry, American Optometric Association leadership issued a profession-wide call to action to curb current and future cases of identity theft, while also notifying the nation's chief law enforcement authority, according to an AOA statement. -
NBEO eliminates use of full social security numbers
Nov 4, 2016 | Healio
By Staff
The National Board of Examiners in Optometry will no longer use the full, nine-digit social security numbers of optometrists and optometry students in its database, the organization announced on its website Oct. 28.
Traditional Media Coverage
-
Developing story: ODs targeted for credit fraud
Aug 2, 2016 | Optometry Times
By Staff
Optometrists and optometry students are receiving unsolicited Chase Amazon credit cards in the mail. In addition, optometrists and students have been notified of fraud alerts by credit monitoring services.
At this time, the source of the breach is unknown.
If you suspect that a Chase Amazon credit card has been fraudulently opened in your name, contact Chase customer service. Call 1-800-432-3117 or visit Chase’s website: https://www.chase.com/credit-cards/customer-service
All three credit reporting agencies—Equifax, Experian, and TransUnion—allow consumers to check their credit reports for free once per year.
Contact them here:
• Equifax: www.equifax.com/home/en_us or 1-866-349-5191
• Experian: www.experian.com or 1-888-397-3742
• TransUnion: www.transunion.com or 1-800-916-8800
How did it happen?
Speculation is that an optometric organization had a data breach. The fact that students have been victims of the fraud narrows the possibilities.
The American Optometric Association (AOA), the American Academy of Optometry (AAO), the Association for Schools and Colleges of Optometry (ASCO), and National Board of Examiners in Optometry (NBEO) have confirmed that their databases have not been breached.
In a statement, the AOA says, “We investigated our databases and can confirm that AOA is not the source of the breach. Our members should feel assured that AOA employs stringent cybersecurity measures to protect your personal information. In addition, the AOA does not gather or store Social Security numbers in our membership records.
In a statement sent to AAO members, the organization says that Social Security numbers are not stored in registration or membership databases.
“Both the Academy and our database vendor follow the strictest payment card industry (PCI) compliance practices and take our data security very seriously. Furthermore, this breach has affected many individuals who do not have records in our database.”
In a statement, the NBEO says there is no evidence that the National Board’s database was hacked.
“After a thorough investigation and extensive discussions with involved parties, the NBEO has concluded that our information systems have not been compromised.”
NBEO CEO Jack Terry, OD, PhD, FAAO, says he understands that fraud victims are having credit card numbers and Social Security numbers hacked. NBEO does not keep a database of credit card numbers when paying for exams, he says, and going through their records, there is no indication that Social Security numbers were hacked. Such data is collected only when students or ODs register for National Board exams. ASCO executive director Dawn Mancuso, MAM, CAE, FASAE, confirmed that the breach didn’t come from an ASCO program.
“We have ruled out our Optometry Admission Test (OAT) exam and Optometry Centralized Application Service (OptomCAS),” she says.
In a statement, ARBO says, “From the preliminary information we’ve gotten, some of the students affected are not in our database, which indicates that ARBO is not the source of the breach. We will continue to investigate this further, but at this point we are confident that our data is secure.”
Chase did not respond to a request for comment.
-
Optometrists and Optometric Students Are Targets of Far-Reaching Data Breach
Aug 5, 2016 | Vision Monday
By Staff
Optometrists and optometry students nationwide are being targeted in a far-reaching data breach involving Chase Amazon credit cards. Reports of the breach began surfacing this week from ODs and students who have received unsolicited Chase Amazon credit cards in the mail. Some say they have been notified of fraud alerts by credit monitoring services after suspected cyberattackers tried to open up accounts in cardholders’ names.
Although the source of the breach is unknown and its full scope has yet to be determined, the American Optometric Association (AOA), the American Academy of Optometry (AAO), the Association for Schools and Colleges of Optometry (ASCO), and National Board of Examiners in Optometry (NBEO) were quick to assure members that their databases have not been hacked.
In a message posted Aug. 2 on the AOA website, the organization told members, “AOA is aware of reports that suggest cyberattackers have opened or attempted to open Chase Amazon.com credit accounts in doctors' and students' names with some receiving denial letters or approved cards. An immediate investigation into AOA's own databases was conducted, and AOA confirms it is not the source of this potential data breach.”
Barbara L. Horn, OD, AOA secretary-treasurer, said members should feel assured that AOA employs stringent cybersecurity measures to protect personal information, and additionally, AOA neither gathers nor stores Social Security numbers.
AOA advised victims of the suspected data breach to call (888) 247-4080 (the Amazon Rewards Chase card contact number) to check and see if they have been affected, and the Chase Fraud contact number (877) 470-9042, to ensure the application is canceled and reported as fraud.
ASCO executive director Dawn Mancuso told VMail that ASCO has conducted a review with the third-party vendors that maintain its data bases for optometry school applications and exams, and has confirmed that those data bases were not breached. “We’re trying to figure out how this happened,” said Mancuso. “We reached out to the FBI, and are communicating with the deans and presidents of the optometry schools as well as with other optometric organizations,” she said.
Mancuso also told VMail, “We received confirmation from our three vendors for our OAT (Optometry Admission Test), ORMatch (Optometry Residency Match) and OptomCAS (Optometry Centralized Application Service) programs, and none were able to find any evidence of activity that would have led to a breach of data security or the release of personal information that could fraudulently be used to open the multitudes of credit card accounts that have come to light over the last few days.
“This is a very serious issue, and ASCO and its vendors follow strict security guidelines whenever and wherever we collect sensitive personal information. We stand ready to do all we can to help the community and law enforcement officials find the source of the breach.”
The AAO posted a message on its site indicating that it does not store social security numbers in its membership or registration databases, and noted that the breach has affected many individuals who do not have records in its database.
A message posted by NBEO on its site stating that “after a thorough investigation and extensive discussions with involved parties, the NBEO has concluded that our information systems have not been compromised.” -
American Optometric Association Warns Optometrists of Credit Fraud Risk
Aug 11, 2016 | HIPPA Journal
By Staff
The American Optometric Association (AOA) has warned optometrists and students to take steps to reduce the risk of credit damage and fraud.
A number of optometrists and optometry students have reported receiving Chase Amazon credit cards in the mail, even though they did not apply for new credit accounts. Some individuals with credit alerts on their accounts have also reported being contacted by credit reference agencies to alert them to failed attempts to open credit accounts in their names. The high number of reports suggest that a data breach has occurred, although at this stage it is unclear which organization has been attacked.
Reports of credit card fraud and other fraudulent activity started circulating on August 2, 2016. AOA contacted both the Federal Bureau of Investigation and the Federal Trade Commission for further information. The AOA also conducted an investigation to determine whether cyberattackers had succeeded in infiltrating its network and accessing its databases.
That investigation has now been completed and AOA is certain that its network remains secure and that it was not the source of the breach. Many of the individuals that received credit cards or had applications declined were not present in its database. The AOA also confirmed that Social Security numbers are not stored in its databases.
Other associations have similarly performed analyses of their networks and data access logs to determine whether they had been attacked. So far, the American Academy of Optometry (AAO) and the National Board of Examiners in Optometry (NBEO) have completed internal investigations and have confirmed that their networks have not been infiltrated. The Association for Schools and Colleges of Optometry (ASCO) also conducted an investigation and confirmed that its systems had not been breached. A review of its third party vendors was also conducted, but their databases were found to be secure with no external access discovered. However, the attackers have obtained data from somewhere, but the source of the data remains a mystery.
Optometrists and optometry students have been warned to be on high alert and have been advised to take steps to protect their credit. A credit report should be obtained from one of the three main credit agencies – Experian, Equifax, or Transunion – and the reports should be scrutinized for signs of fraudulent activity. A credit report can be obtained without charge every 12 months. A report can also be obtained from each of the other two agencies. Spreading out the reports will allow individuals to monitor their credit for a longer period without charge.
A credit freeze can also be placed on accounts by containing the credit agencies. This will ensure that credit cannot be taken out in individuals’ names. Alternatively, placing credit alerts on accounts will ensure that individuals are notified if an application for credit is received.
-
Lawsuit faults NBEO over data breach
Aug 31, 2016 | American Optometric Association
By Staff
A new lawsuit seeks to implicate the National Board of Examiners in Optometry (NBEO) in an ongoing data breach affecting untold numbers of optometry students and doctors.
Filed Aug. 14 in the U.S. District Court of Maryland, the complaint, which is seeking class action status, alleges that NBEO, or a party within its control, failed to protect sensitive personal information-names, birthdates, Social Security numbers (SSNs), addresses or credit card information-of exam takers and others contained in NBEO's systems. The complaint goes on to claim that NBEO not only failed to provide notice of the breach to victims, but also denied its responsibility for the breach.
The lawsuit is very similar to one filed Aug. 30, 2016, against NBEO alleging that it was liable for the data breach. That case was dismissed on March 22, 2017. The court agreed with NBEO's contention that the plaintiffs in the earlier case failed to allege sufficient facts to tie NBEO to the breach and, furthermore, did not allege they had suffered a financial injury.
Brought forward by nine doctors of optometry and one student affected by the breach, the current complaint alleges that NBEO is the only common thread among the parties and provides examples of financial harm suffered by the plaintiffs. The lawsuit seeks damages, restitution, attorneys' fees and injunctive relief.
"The fraud resulting from this data breach is as extensive as any data breach in history, with an alarming percentage of optometrists practicing in the United States having already suffered identity theft and fraud," the current complaint states. "The damage resulting from this breach is extensive and ongoing."
In one case, a plaintiff reported three separate occasions where fraudsters applied for Chase Amazon Visa credit cards using her stolen personal information. Although all three applications were cancelled due to the plaintiff's diligence in freezing her credit, the plaintiff's credit card information was used to charge more than $1,800, a reloadable prepaid Visa was opened in her name and a fraudulent eBay order was placed.
In another case, the plaintiff alleges that she proactively and periodically contacted Chase to inquire about applications filed in her name. When the plaintiff learned of one such fraudulent application filed in her maiden name, she reported the fraud; however, she notes the "hard inquiry" from the fraudulent application still appears months after the fact, damaging her credit. It wasn't until April 2017 that the plaintiff learned of another fraudulent application using her maiden name and parents' address- which the plaintiff claims is the same information used to register with NBEO.
"She provided the Illinois Optometric Association and the American Optometric Association (AOA) with her new name after she was married in 2014, and she had updated her address with those organizations in 2013," the complaint alleges. "She never updated any of her information with NBEO because the board exams were long over and it seemed unnecessary as NBEO is not an active organization like AOA."
Moreover, after these fraudulent applications were filed, the plaintiff claims that she confirmed that NBEO still maintained her prior name and address in its systems.
Other plaintiffs' accounts note the combination of maiden/married names and outdated addresses, financial harm, expenses associated with credit monitoring services, and concern for sensitive personal information being sold on the internet.
It's believed that fraudsters stole personal information to take advantage of an Amazon.com promotion where enrollees for a Chase Amazon Vision credit card would receive $50 in their account. The complaint alleges fraudsters used victims' real information for the application, then linked the card to a false account to collect the money. But, subsequently, the fraud has expanded beyond these Chase Amazon cards and affected victims' other accounts.
AOA advocates for doctors, students throughout
Amid the initial wave of malicious credit line openings circulating Aug. 2, 2016, the AOA immediately conducted its own internal investigation-finding no breach of its database-and began imploring affected parties to hedge against credit or financial damage. As the situation progressed, and it became clear that SSNs were the targeted personal information, then AOA President Andrea P. Thau, O.D., called on NBEO to issue reassurances that such personal data was protected.
Lacking any formal reply, AOA's Board of Trustees took additional action Oct. 8, appealing to other optometric organizations to petition optometric testing organizations over the elimination of SSNs as personal identifiers. Weeks later, NBEO announced it would discontinue use of SSNs in favor of a new 'OE Tracker number system' that addressed "contemporary global concerns about the challenges in protecting personal identifiers within all databases," the NBEO's TestPoints® newsletter stated.
At the time, Dr. Thau called the move a step in the right direction, adding: "[AOA] will continue to press for action, including federal investigation into the breach, to provide peace of mind for our members and colleagues."
In a letter to the U.S. Attorney General's Office, the AOA called for further Department of Justice investigation into the identity thefts in hopes of holding those responsible accountable. In the months since, AOA has relayed information, as it becomes apparent, to help mitigate concerns stemming from the data breach, including hosting a session with the FTC.
"The profession deserves to know as promptly as possible the sources and extent of the breach, and the remedy offered by the compromised party," said AOA President Christopher J. Quinn, O.D. "This has been our message from day one to law enforcement and federal agencies, as well as to any individual or any organization with knowledge of what occurred." -
Optometrists Sue Over Data Breach
Sep 2, 2016 | Invision Magazine
By Staff
Nine optometrists and a student have filed a lawsuite against the National Board of Examiners in Optometry in connection with a data breach that has affected the profession, the American Optometric Association reports.
The suit "alleges that NBEO, or a party within its control, failed to protect sensitive personal information-names, birthdates, Social Security numbers (SSNs), addresses or credit card information-of exam takers and others contained in NBEO's systems," according to AOA. It was filed last month in the U.S. District Court of Maryland.
The plaintiffs are seeking class-action status.
"The complaint goes on to claim that NBEO not only failed to provide notice of the breach to victims, but also denied its responsibility for the breach," AOA reports.
The plaintiffs are seeking damages and restitution along with attorneys' fees and injunctive relief.
The complaint states: "The fraud resulting from this data breach is as extensive as any data breach in history, with an alarming percentage of optometrists practicing in the United States having already suffered identity theft and fraud. The damage resulting from this breach is extensive and ongoing."
AOA writes: "It's believed that fraudsters stole personal information to take advantage of an Amazon.com promotion where enrollees for a Chase Amazon Vision credit card would receive $50 in their account. The complaint alleges fraudsters used victims' real information for the application, then linked the card to a false account to collect the money. But, subsequently, the fraud has expanded beyond these Chase Amazon cards and affected victims' other accounts."
-
AOA Calls for Change, Federal Investigation Following Data Breach (Press Release)
Oct 19, 2016 | Eyewire
In light of an ongoing data breach affecting optometry, American Optometric Association leadership issued a profession-wide call to action to curb current and future cases of identity theft, while also notifying the nation's chief law enforcement authority, according to an AOA statement.
As yet another wave of malicious credit card applications keeps the profession reeling, the AOA Board of Trustees passed a motion on October 8 encouraging optometric organizations to take immediate steps to meet recognized standards for data security.
The new resolution calls for a united effort by AOA, affiliates and others, asking each to petition optometric testing organizations, including the National Board of Examiners in Optometry (NBEO), and state boards of optometry to eliminate the use of SSNs as personal identifiers, in favor of unique identifier numbers, wholly unrelated to SSNs or other sensitive personal information.
Ensuring data privacy
While the source of this particular data breach is still unknown, students are preparing to take their board examinations and, to do so, they currently need to provide sensitive information, including SSNs. This requirement is not consistent across health care professions.
The Joint Commission on National Dental Examinations, for instance, requires dental students to use a unique identifier—known as a DENTPIN—to access testing resources, instead of an SSN. The American Dental Educators Association states the DENTPIN replaced "Social Security numbers, Canadian Social Insurance Numbers, or Reference Numbers to help protect sensitive, identifying information while facilitating data collection and reporting."
This AOA Board motion comes two weeks after AOA President Andrea P. Thau, O.D., called on the NBEO to issue privacy reassurances to students and recent graduates that their personal data will be protected. "In order to allay these concerns, can you provide assurances that the current NBEO registration system for new registrants—which includes the required entry of Social Security numbers—comports with best practices for testing bodies in other professions and meets all applicable industry standards for data security?" Dr. Thau questioned.
The AOA has yet to receive a formal reply, but will continue insisting on the latest, most accurate information to provide to its members. The AOA encourages all doctors of optometry—not only students and new graduates—to initiate credit monitoring, as all signs point to profession-wide involvement. Click here to learn more about protecting your identity, even if you haven't been affected by this particular breach.
AOA continues push for federal investigation
Optometry deserves to know the source of this breach and be assured that steps are being taken to eliminate the chance of this occurring again. The AOA is taking those steps, not only by calling on testing organizations and state boards, but also by reaching out to federal investigators.
Following initial reports of unsolicited, fraudulent applications for Chase Amazon.com Visa cards on and around Aug. 2, the AOA contacted the FBI and Federal Trade Commission to apprise investigators. Now, AOA's leadership has taken another step. At the direction of AOA's Board of Trustees, the AOA also drafted a letter to the U.S. Attorney General's Office that calls for further Department of Justice investigation into the identity thefts currently affecting untold numbers in optometry.
As stated in the letter (member login required), the AOA hopes that by holding those responsible accountable, and reforming state licensing and testing requirements to address privacy concerns, "the profession may begin to put this episode behind it and reduce the likelihood of any similar occurrence in the future." The letter continues: "The AOA respectfully requests the Department of Justice, acting through the FBI, pursue an investigation to identify the data thieves responsible for this criminal act."
The AOA reiterates that no breach of AOA's systems occurred, and furthermore, AOA does not gather SSNs through its membership process. The AOA continues to follow this situation closely and will provide updates when possible.
-
NBEO eliminates use of full social security numbers
Nov 4, 2016 | Healio
By Staff
The National Board of Examiners in Optometry will no longer use the full, nine-digit social security numbers of optometrists and optometry students in its database, the organization announced on its website Oct. 28.
The board said it will rely on the OE Tracker number system as the primary identifier.
“The national board remains mindful of concerns within the profession as we continue to work with outside experts to investigate recent complaints regarding the privacy and security of personal information entrusted to us,” the NBEO said on its website.
The OE Tracker number and last four digits of social security numbers will be used going forward with new registrants, according to the NBEO.
“With respect to individuals already in the NBEO database, their full social security numbers have been replaced with only the last four digits,” the group stated on its website.
A new profile creation feature went into effect Oct. 20, the board stated in its fall newsletter.
The American Optometric Association reported on its website Oct. 13 that it passed a motion “encouraging optometric organizations to take immediate steps to meet recognized standards for data security” in light of an ongoing data breach affecting optometry.
The AOA called for optometric testing organizations to eliminate the use of social security numbers.
In early August, reports of unsolicited, fraudulent applications from optometrists for Chase Amazon.com Visa cards became public. The AOA said it contacted the Federal Bureau of Investigations and the Federal Trade Commission and sent a letter to the U.S. Attorney General’s office requesting that the Department of Justice investigate.
"This data breach has impacted doctors and students of optometry across the country, and the AOA is pleased that NBEO has agreed to take this action to alleviate concerns and prevent future identity thefts," AOA President Andrea P. Thau, OD, said on the AOA’s website. "We will continue to press for action, including federal investigation into the breach, to provide peace of mind for our members and colleagues."
"This is a great victory for the AOA's student members," Ashley Wing, Pacific University College of Optometry student, added. "The decision by the NBEO to reverse course and now begin to institute key security safeguards for our personal data follows a determined effort by concerned students and our national organization, the AOA, to insist on change."
Traditional Media Coverage
Add recipients
Suggested