Italian eyewear brand Luxottica has reportedly confirmed that the data of more than 70 million customers in the United States and Canada was stolen after a data breach impacting one of its partners in 2021.
Luxottica said it discovered the breach through “proactive monitoring procedures” and immediately reported it to the US Federal Bureau of Investigation (FBI) and the Italian police.
Cyber security news site BleepingComputer reported that the breach involved the personal information of 70 million customers. It said a database containing customers’ email addresses, names, addresses, and dates of birth was posted on hacking forums.
Luxottica’s fashion, luxury, and sports eyewear portfolio includes brands such as Ray-Ban, Oakley, Vogue Eyewear, Persol, and Oliver Peoples, as well as licensed brands including Giorgio Armani, Burberry, Chanel, Tiffany & Co., Valentino, and Versace.
The Group’s global wholesale distribution network covers more than 150 countries and is complemented by an extensive retail network of more than 9,000 stores.
It also operates EyeMed, one of the fastest-growing managed vision care networks in the United States.
BleepingComputer reported the latest cyber-attack was on an unnamed third-party data storage provider.
According to BleepingComputer, Luxottica suffered a data breach in August 2020 that exposed the personal information of 829,454 EyeMed and LensCrafters patients. The following month, Luxottica once again suffered an attack, this time a ransomware attack that shut down the company’s operations in Italy and China.
In a statement to BleepingComputer, Luxottica reportedly confirmed the latest breach.
“We discovered through our proactive monitoring procedures that certain retail customer data, allegedly obtained through a third-party related to Luxottica retail customers, was published in an online post,” the Luxottica statement to BleepingComputer read.
“We immediately reported the incident to the FBI and the Italian Police. The owner of the website where the data was posted has been arrested by the FBI, the website was shut down and the investigation is ongoing.
“From our investigation, which is still going on, we know so far that the data primarily consists of customer contact details including names, addresses, phone numbers, emails, and dates of birth.
“The data does not include individuals’ financial information, social security numbers, login or password data or other information that would compromise the safety of our customers.
“EssilorLuxottica remains confident that its systems were not breached and its network remains secure.”
- Toulas, B., Luxottica confirms 2021 data breach after info of 70M leaks online, BleepingComputer, 19 May 2023, available at bleepingcomputer.com/news/security/luxottica-confirms-2021-data-breach-after-info-of-70m-leaks-online/ [accessed 2 June 2023].