Nassau OOGP Vision Group Data Breach Exposes Medical and Prescription Information

Healthcare data breach illustration
Breach Discovery: Not Publicly DisclosedBreach Notification: Not Publicly Disclosed

What Happened in the Nassau OOGP Vision Group Data Breach?

Nassau OOGP Vision Group, a major wholesaler and distributor of ophthalmic goods, recently disclosed a data breach that affected customers who placed contact lens orders. According to the company’s notice, an unauthorized third party gained access to its network in January 2024. This access allowed the intruder to acquire certain files containing sensitive customer information.

The exact method the attacker used to break into Nassau OOGP Vision Group’s systems has not been publicly disclosed. However, the company confirmed that unauthorized access to its network occurred in January 2024. As a result, files tied to customers who ordered contact lenses were compromised during this window.

Once the intrusion came to light, Nassau OOGP Vision Group activated its incident response protocols. The company then engaged a forensic firm to investigate the scope of the breach. This investigation involved a careful review of the affected files to determine precisely which data had been accessed by the unauthorized party.

In addition to its internal investigation, Nassau OOGP Vision Group filed formal notifications with state regulators. The company submitted a filing with the California Attorney General’s office describing the incident in detail. It also disclosed the breach to the Texas Attorney General, which further confirms the multi-state impact of this event.

Who was affected?

The breach specifically affected individuals who placed contact lens orders through Nassau OOGP Vision Group. Because the company operates as a wholesaler and distributor, the affected population likely includes patients who ordered lenses through eyecare providers or retail partners connected to the company’s systems.

Nassau OOGP Vision Group has not publicly specified the total number of individuals affected nationwide. However, the company has confirmed that at least 504 residents of Texas were impacted so far. Because the breach was also reported to California regulators, it appears likely that customers in multiple states were affected.

At this time, there is no indication in the company’s notices that minors were specifically targeted or disproportionately affected. Still, anyone who placed a contact lens order during the relevant timeframe should consider themselves potentially impacted until they receive further clarity.

What Information Was Potentially Exposed?

The data compromised in this incident is tied directly to customers’ vision care needs. Nassau OOGP Vision Group confirmed that the unauthorized party accessed several categories of personal information. Importantly, the breach did not involve Social Security numbers, financial account information, or treatment details.

  • Full names
  • Shipping addresses
  • Medical information
  • Prescription information related to contact lenses

Even without Social Security numbers or financial data, this exposure carries real risk. For example, prescription and medical information can be used to commit medical identity theft. This might involve someone using stolen prescription details to fraudulently order contact lenses or other vision care products in a victim’s name.

In addition, exposed shipping addresses combined with medical information could make affected individuals targets for phishing scams. Scammers often pose as legitimate healthcare providers or pharmacies to trick victims into revealing more sensitive data. Because this breach involves genuine prescription records, any follow-up communication referencing real medical details could appear more convincing and dangerous.

What is the company doing?

Once Nassau OOGP Vision Group discovered the breach, it moved to contain the incident and understand its scope. The company engaged a respected forensic firm to conduct a thorough investigation. This process included reviewing the affected files line by line to confirm what specific information had been accessed.

Following the investigation, Nassau OOGP Vision Group notified affected individuals and relevant state regulators, including the California and Texas Attorneys General. The company also emphasized its continued investment in data protection, employee training, and cybersecurity infrastructure to help prevent similar incidents going forward.

For those affected, Nassau OOGP Vision Group recommends monitoring statements from eyecare providers for unfamiliar charges or services. The company has also established a dedicated call center to answer questions and provide guidance. This line is available Monday through Friday from 8 a.m. to 5:30 p.m. Central Time.

Notably, Nassau OOGP Vision Group has not offered credit monitoring or identity theft protection services at this time. This is likely because the breach did not involve Social Security numbers or financial account information. Nonetheless, affected individuals should remain cautious given the sensitive nature of medical and prescription data.

What Should Affected Individuals Do?

Monitor Your Vision Care and Medical Statements

Because prescription and medical information was exposed, affected individuals should closely review statements from their eyecare providers. Look for any unfamiliar orders, services, or charges related to contact lenses or vision care products. If anything looks unusual, contact your provider right away.

This step matters because medical identity theft can be harder to detect than traditional financial fraud. Unlike a stolen credit card, fraudulent medical activity may not show up on a typical bank statement. As a result, staying proactive with eyecare-specific statements is especially important here.

Watch for Phishing Attempts Referencing Your Prescription Details

Affected individuals should be alert to phishing emails, texts, or calls that reference real prescription or medical details. Scammers sometimes use stolen information to make fraudulent messages appear legitimate. Because your actual prescription data may have been exposed, treat any unexpected outreach from


More Information

Official Notice from Nassau247

Official Data Breach Notification Letter (PDF)

Official State Attorney General Notification

Related Data Breaches