The largest eyewear firm globally, Luxottica, has had a number of its web portals targeted in a cyberattack that has resulted in a breach of the private data of over 800,000 patients.
Luxottica makes designer eyewear for numerous renowned fashion brands and owns many famous eyewear brands such as Ray-Ban. The group also manages the EyeMed vision benefits company and collaborates with LensCrafters, Target Optical, EyeMed, Pearle Vision, and other eye care providers. Luxottica partners are given web-based appointment scheduling solutions that are used to arrange appointments with eye care providers via the Internet and telephone.
According to a breach notice issued by Luxottica, the appointment scheduling solution was infiltrated by hackers on August 5, 2020 and the cybercriminals may have obtained access to the personal and protected health information of patients of its business partners.
Luxottica identified the breach on August 9, 2020 and swiftly took action to prevent further unauthorized access. The investigation showed personal and protected health information may have been viewed and stolen by the hackers. A range of data was potentially compromised, such as names, contact information, appointment dates and times, health insurance policy numbers, appointment notes, doctors’ notes, and information linked to eye care treatment, including health conditions, medical procedures, and prescriptions. Some patients also had their credit card information and/or Social Security number breached.
Luxottica has not found any evidence to indicate there has been any improper use of personal or protected health information; however, as a precautionary step, anyone whose financial information or Social Security number was potentially compromised has been offered a two-year free membership to Kroll's identity theft protection service. Notifications began to be issued to the 829,454 patients impacted by the breach on October 27, 2020.
This is not the sole security breach to have impacted Luxottica in 2020. On September 18, 2020, the eyewear firm was hit by a Nefilim ransomware attack that resulted in severe outages and disruption to services in Italy and China. Protected information was also illegally obtained in the attack before the ransomware was deployed.