Luxottica Data Breach Leaked the Data of 830,000 Patients

  • Almost 830,000 eye patients in the United States had their PII and health data exposed.
  • The breached company is Luxottica, the largest eyewear manufacturer in the world, which suffered an intrusion in August 2020.
  • For some of the affected people, Social Security numbers and credit card data were exposed as well.

Luxottica had a catastrophic data breach incident that resulted in sensitive patient information exposure, including PII and medical data. We already know about the ransomware incident that hit the eyewear company back in September, but this occurrence apparently concerns a different incident that happened in August 2020.

As the company now admits in a public notice, someone gained unauthorized access to its appointment scheduling application on August 5, 2020; the firm's IT team detected and stopped the intrusion four days later, on August 9.

During that window, the intruder accessed, and may have exfiltrated, patient information including the following:

  • full name
  • contact information
  • appointment date and time
  • health insurance policy number
  • doctor or appointment notes that may indicate information related to eye care treatment such as prescriptions
  • health conditions
  • procedures

As for who is affected, the count is 829,454 patients of LensCrafters, Target Optical, EyeMed, and other eye care practices served by Luxottica. In some cases, Social Security numbers (SSNs) and credit card numbers were also exposed. For those individuals, Luxottica is offering two years of identity monitoring through Kroll, with enrollment instructions included in the notification letters sent to the affected people.

Luxottica has been sending the notices since October 27, 2020, but the incident was only made public now, following the filing with the U.S. Department of Health and Human Services that the law requires. If you believe you may be affected but have not received a notice yet, you can contact Luxottica at (877) 540-1431 to have your case checked.

So far, the stolen data has not surfaced on any dark web forums or markets, which leaves some hope that the intruder never exfiltrated the records, or at least has not put them up for sale. It is also possible that this incident and the Nefilim ransomware attack that followed are connected, with the August intrusion serving as the initial access step; however, there is no evidence supporting that scenario.

Luxottica is a Milan-based eyewear maker who has managed to maintain very lucrative deals with American eye-care providers and health insurance firms. The company is the largest in this field in the world by a large margin and has been previously accused of imposing monopolistic terms and prices. Lately, the Italian company has been dealing with severe cyber-security problems that bring the brand into the spotlight for the wrong reasons again.
