An optometry association data breach is suspected to have occurred in which the sensitive data of optometrists and optometry students were stolen. Those data appear to have been used to fraudulently apply for credit.
Earlier this month, a number of optometrists and optometry students contacted the American Optometry Association (AOA) after receiving unsolicited Chase Amazon.com credit cards in the mail. Credit reference agencies also alerted a number of individuals about credit applications that were made.
The data needed by criminals to apply for credit could have come from any number of organizations, but since optometrists and optometry students have been specifically targeted it is probable that an optometry association data breach has occurred. At present it is unclear which organization has been attacked.
In response to reports of attempted credit fraud the AOA contacted the Federal Bureau of Investigation and the Federal Trade Commission for further information. An internal analysis of databases was also performed to determine whether the AOA was the source of the breach. That analysis did not uncover any evidence to suggest that AOA databases had been accessed by unauthorized individuals.
In a recent announcement the AOA also pointed out that it does not store Social Security numbers and that a number of the individuals targeted by the criminals were not present in its database. A breach is therefore suspected at another optometry association.
Other organizations have similarly responded to the fraud reports and have conducted their own investigations. The Association for Schools and Colleges of Optometry (ASCO) has completed its analysis and has confirmed that its databases were not accessed by unauthorized individuals. None if its vendors had experienced data breaches either. Both the National Board of Examiners in Optometry (NBEO) and the American Academy of Optometry (AAO) also confirmed that they were not the source of the breach. The source of the data currently remains a mystery.
The AOA has now issued a warning to all members to be vigilant and to take proactive steps to minimize potential credit damage. In a recent blog post, the AOA suggested that all members obtain credit reports from a credit reference agency immediately to check for signs of credit fraud. The AOA also suggests a credit freeze should be placed on accounts to prevent the fraudulent use of stolen data.