Luxottica, the world’s largest eyewear company known for brands like Ray-Ban and Oakley, has confirmed that one of its partners experienced a data breach in 2021, resulting in the exposure of personal information belonging to 70 million customers.
The breach came to light after a database was recently posted for free on hacking forums. Luxottica operates EyeMed, a vision insurance company in the US, and the leaked data included customer details such as email addresses, names, addresses, and dates of birth.
The leaked database, containing 305 million lines of data, was analyzed by cybersecurity firm D3Lab. It was determined that the breach likely occurred on March 16th, 2021, but it remains unclear whether it resulted from a new attack or was related to previous incidents in 2020 when Luxottica suffered data breaches and a ransomware attack.
After being informed about the breach, Luxottica confirmed that the leaked data originated from a security incident involving a third-party contractor handling customer data.
The company promptly reported the incident to law enforcement agencies, leading to the arrest of the owner of the website where the data was posted. Luxottica assured customers that their financial information, social security numbers, and login credentials were not compromised.
Troy Hunt, the owner of “Have I Been Pwned,” a data breach notification service, disclosed that the leaked data includes over 77 million unique accounts, with the majority already being in the platform’s records.
Those concerned about their information can check if they were affected by visiting the “Have I Been Pwned” site and searching for their email address.