The biggest eyewear business in the world, Luxottica, had a cyberattack that affected several websites managed by the company.
Luxottica is the owner of the popular eyewear brands Persol, Ray-Ban, and Oakley. It produces designer eyewear for many known fashion brands. In addition, it runs the EyeMed vision benefits company together with EyeMed, Pearle Vision, Target Optical, LensCrafters, and other eye care firms.
Luxottica partners have access to a web-based appointment management system that gives patients the option to book consultation visits with eye care professionals online or by phone call. According to the most recent breach notice, unidentified persons hacked the appointment scheduling system on August 5, 2020 and potentially accessed the personal information and protected health information (PHI) of the patients of Luxottica partners.
Luxottica found out about the cyberattack incident on August 9, 2020. Straight away, it had taken action to limit the effects of the breach. The following investigation confirmed that the hackers possibly viewed and obtained the patients’ personal information and PHI. The types of data potentially exposed included names, contact information, appointment dates and times, health insurance policy numbers, appointment notes, doctors’ notes, and information on eye care treatment, for instance, medical conditions, surgical procedures, and prescription medicines. Some patients’ credit card number and/or Social Security number might have been compromised as well.
Luxottica got no report of any incident of misuse of personal data or PHI. Nevertheless, as a safety measure, the company provided complimentary identity theft protection services for two years through Kroll to individuals who had their financial information or Social Security numbers possibly exposed. Luxottica started giving breach notices to 829,454 individuals on October 27, 2020.
Luxottica had suffered other security breaches this 2020. It had encountered a Nefilim ransomware attack on September 18, 2020 which caused a major shutdown and interruption of the firm’s eye care services in Italy and China. The attackers additionally acquired sensitive data prior to ransomware deployment.