The National Board of Examiners in Optometry plans to allot $3.25 million in a cash settlement fund to compensate approximately 61,000 victims of an alleged data breach that hit the profession nearly three years ago, the website InvisionMag reports with reference to the American Optometric Association.
The class action settlement also outlines steps NBEO will take to upgrade its data security practices. Chief U.S. District Judge James K. Bredar of Maryland gave preliminary approval to the settlement on March 7.
In 2016, large numbers of optometry students and optometrists across the country began reporting identity theft, particularly stolen Social Security numbers and other personal information used to apply for Chase Amazon Visa credit cards, AOA explains. Following the breach, optometrists filed actions against NBEO claiming the targeted information was available and maintained by the organization as a requirement for certifying exams and credentialing.
NBEO still disputes that it was the source of the breach.
The court agreed to deem eligible anyone whose personal information was stored in NEBO’s systems as of Nov. 15, 2018, or anyone receiving a legal notice stating they are a class member. A final approval hearing is set for July 12.
The $3.25 million will be used to provide benefits for reimbursement for documented, traceable out-of-pocket losses (up to $7,500); Reimbursement for time spent remedying issues related to the alleged breach (up to $1,000); Free credit monitoring services; Free identity restoration services.
NBEO agreed to pay additional administrative costs, fees and service awards related to the settlement.
Also, NBEO “plans to retain an independent security firm to conduct a written risk assessment of the board’s data security, encrypt exam-takers’ personal information, and discontinue storage of nine-digit SSNs in its electronic databases, per a legal notice,” AOA reports.