Eyewear giant Luxottica has confirmed a data breach exposed the personally identifiable information of more than 70 million consumers.
Luxottica is the world's largest manufacturer of glasses and prescription frames and owner of popular brands including Ray-Ban, Chanel, Burberry, Giorgio Armani, Versace, Michael Kors and others.
The leaked database, with over 300 million customer records (allegedly from a 2021 data breach) from the US and Canada, including names, emails, phone numbers, addresses, and dates of birth, was provided free of charge on a leak website between April 30 and May 12.
The company told BleepingComputer that the leaked data stemmed from a security incident at a third-party vendor. However, the company did say it became aware of the incident via a post on the now-defunct ‘Breached’ hacking forum where one user was attempting to sell the stolen database.
“We first learned of the incident from a third-party post on the dark web in November 2022,” Luxottica explained.
Luxottica also said that it contacted the Italian law enforcement and data protection authority, as well as the FBI. The company also claimed that no financial information, credentials or Social Security Numbers were leaked. The investigation is ongoing.
“We discovered through our proactive monitoring procedures that certain retail customer data, allegedly obtained through a third-party related to Luxottica retail customers, was published in an online post,” Luxottica told BleepingComputer researchers.
“From our investigation, which is still going on, we know so far that the data primarily consists of customer contact details including names, addresses, phone numbers, emails and dates of birth. The data does not include individuals’ financial information, social security numbers, login or password data or other information that would compromise the safety of our customers.”
According to Troy Hunt, security consultant and owner of the Have I Been Pwned platform, the leaked records include 77,093,812 unique accounts, 74% of which were also part of previously known data breaches/leaks.
Seemingly minor data breaches can still pose significant privacy risks. For example, you may have changed an email, phone number or home address, but your name and date of birth remain the same.
Although non-sensitive personal data exposed in data leaks may not put users at immediate risk, cybercriminals may still put this information to use by:
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
May 16, 2023
March 10, 2023
June 06, 2023