Luxottica Data Breach Leaked the Data of 830,000 Patients

  • Almost 830,000 eye patients from the United States had their PII and health data exposed.
  • The culprit is Luxottica, the biggest eyewear manufacturer in the world, who experienced a data breach in August.
  • Some of the exposed people have had their SSNs and their credit card data leaked too.

Luxottica had a catastrophic data breach incident that resulted in sensitive patient information exposure, including PII and medical data. We already know about the ransomware incident that hit the eyewear company back in September, but this occurrence apparently concerns a different incident that happened in August 2020.

As the company admits via an announcement now, someone gained unauthorized access to the company’s appointment scheduling app on August 5, 2020, while the firm’s IT teams only managed to detect and stop the attack four days later.

In the meantime, the hacker accessed and exfiltrated patient information, including the following:

  • full name
  • contact information
  • appointment date and time
  • health insurance policy number
  • doctor or appointment notes that may indicate information related to eye care treatment such as prescriptions
  • health conditions
  • procedures

As for who is affected by this security incident, that would be 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices. In some cases, social security numbers (SSNs) and credit card numbers were also exposed. For this subcategory, Luxottica now offers a 2-year identity monitoring service through Kroll, with instructions on enrolling included in the notifications distributed to the affected people.

Luxottica has been circulating the notices since October 27, 2020. Still, the incident was just now been published after the relevant filing with the U.S. Department of Health and Human Services, as required by law. If you believe that you could have been compromised but haven’t received a notice yet, you may contact Luxottica at (877) 540-1431 and clarify your case specifically.

Until now, the stolen data hasn’t appeared on any dark web forums or markets, so the hope is that the hackers didn’t exfiltrate the files after all. Also, there could be a link between this incident and the Nefilim ransomware attack that followed, with the first attack acting as the initial access step. However, there is no evidence pointing to that scenario.

Luxottica is a Milan-based eyewear maker who has managed to maintain very lucrative deals with American eye-care providers and health insurance firms. The company is the largest in this field in the world by a large margin and has been previously accused of imposing monopolistic terms and prices. Lately, the Italian company has been dealing with severe cyber-security problems that bring the brand into the spotlight for the wrong reasons again.

REVIEW OVERVIEW

Latest

How to Watch Westworld Season 4 Online From Anywhere

The fourth season of your favorite science fiction dystopian TV series is set to premiere soon, and we know you want to...

How to Watch 2022 BET Awards Online From Anywhere

The 2022 BET Awards are here, so be ready to celebrate African American entertainers who have excelled in the field of music,...

How to Watch Jack Osbourne’s Night of Terror: Bigfoot Online From Anywhere

Discovery+ is here with a new 2-hour special featuring Jack Osbourne, and we're looking forward to watching it online. If you're interested...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari