The world’s biggest eyewear company Luxottica encountered a cyberattack that impacted a number of the company’s websites.
Luxottica owns eyewear brands that include Ray-Ban, Persol, and Oakley. It manufactures designer eyewear for a lot of widely recognized fashion brands. At the same time, it manages the EyeMed vision benefits firm in partnership with Pearle Vision, LensCrafters, EyeMed, Target Optical, and some other eye care companies.
Luxottica partners get access to an online appointment scheduling software program that makes it possible for patients to schedule consultation visits with eye care providers on the internet and via telephone. Based on the latest breach notification, unknown individuals hacked the appointment scheduling software program on August 5, 2020. The hackers potentially acquired access to the personal data and protected health information (PHI) of Luxottica’s eye care partners’ patients.
Luxottica learned about the occurrence of the cyberattack on August 9, 2020. Without delay, it took action to control the breach. The succeeding investigation affirmed that the hackers potentially accessed and got personal data and PHI of patients. The types of information compromised included the following: names, contact details, appointment dates and times, medical insurance policy numbers, notes on appointments, doctors’ notes, and data associated with eye care treatment, such as medical conditions, operations, and prescription medications. The credit card number and/or Social Security number of some patients may have been exposed, too.
Luxottica has not received reports of any cases regarding personal data or PHI misuse. However, as a safety precaution, the company offered free two-year identity theft protection services via Kroll to persons whose financial data or Social Security numbers were potentially exposed. Luxottica began sending breach notifications to 829,454 people on October 27, 2020.
Luxottica has encountered other security breaches this year. A Nefilim ransomware attack occurred on September 18, 2020 which resulted in substantial outages and disruption of the eyewear company’s services in China and Italy. The attackers also stole sensitive information before deploying the ransomware.