Luxottica, the world’s largest eyewear company, has revealed that it was the victim of a major cyber attack. The attack exposed the personal information of over 70 million customers on hacking forums.
Luxottica Data on BreachForums
On November 2022, hackers attempted to sell a database of Luxottica on the former BreachForums, claiming it contained 300 million records from 2021. However, they were unsuccessful.
However, some researchers, such as Draghetti, believed that a third, undisclosed attack may have been responsible for the breach. Luxottica has since confirmed this and said that it first learned of the latest attack in November 2022.
According to “Have I Been Pwnd’s” Troy Hunt via Bleeping Computer, the leaked data contains 77,093,812 unique accounts.
Luxottica has said it is currently investigating and that while personal information was lost, no financial information was compromised.
Earlier, it was believed that the hackers obtained the data during two separate attacks on Luxottica in 2020. The initial attack took place in August 2020 and resulted in the exposure of the personal information of 829,454 customers from two subsidiaries of Luxottica: EyeMed and LensCrafters. A month later, Luxottica experienced a ransomware attack, leading to operational disruptions in China and Italy.
Luxottica has stated that it is investigating the incident, and while personal information was compromised, the hackers could not obtain any financial information, social security numbers, or credentials.