Nassau OOGP Vision Group Data Breach

Nassau OOGP Vision Group (“OOGP”) has announced a data security incident involving unauthorized access to its network. According to the notice, an unauthorized third party accessed OOGP’s network and acquired certain files in January 2024.

Upon discovering the incident, OOGP initiated its incident‑response protocols, secured its systems, and launched an investigation with the assistance of a third‑party forensic firm. The investigation included a comprehensive review of the affected files to determine what information may have been involved.

Following this review, OOGP determined that the impacted files contained information related to contact lens orders, including details tied to specific order records from the associated data owner. On completion of its review, OOGP began mailing formal notification letters to affected individuals.

Nassau OOGP Vision Group is a comprehensive, EssilorLuxottica-affiliated distributor and laboratory service provider for eye care professionals. It specializes in stocking, distributing, and fabricating contact lenses and eyeglass lenses.

The impacted data relates to individuals whose order‑related information was stored within OOGP’s systems at the time of the unauthorized access. Following the breach, OOGP reported that it continues to invest in enhanced data‑protection measures, cybersecurity infrastructure, and internal training efforts.

If you received a Data Breach notification letter from Nassau OOGP Vision Group, it confirms that your personal information may have been accessed and/or acquired by an unauthorized party.

What information is involved in the Nassau OOGP Vision Group Data Breach?

Compromised information may include:

The notice specifies that Social Security numbers, financial information, and treatment information were NOT involved in this incident.

Your Personally Identifiable Information (PII) includes details that can be used to identify you, while prescription information may relate to sensitive health‑related data tied to your contact lens order. Organizations that maintain this information must take appropriate steps to safeguard it under state and federal data‑privacy requirements.

If Protected Health Information (PHI) was involved, the exposed data may include medical information protected under HIPAA and state privacy laws. PHI exposure increases the risk of medical fraud, insurance fraud, and unauthorized use of confidential health data.

While OOGP has stated that it has no specific indication of fraudulent use associated with this incident, exposed PII—especially when paired with order or prescription data—can increase risks of privacy invasion, customer‑account misuse, or unauthorized product fulfillment activities.

If your data was included in the breach, it is important to remain vigilant in monitoring order histories, provider statements, and any communications regarding your vision‑care services.

Residents of California benefit from enhanced privacy protections under the California Consumer Privacy Act (CCPA), which provides additional rights regarding the collection, storage, and protection of personal information. California residents may also have additional legal remedies when personal data is compromised in a breach.

OOGP advises affected individuals to review statements from their eyecare providers and immediately report any charges or services they do not recognize.

Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.