430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Luxottica data breach exposes info of LensCrafters and EyeMed patients

A data breach suffered by Luxottica has exposed the personal and health information of patients of LensCrafters, Target Optical, and EyeMed. Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, […]

Luxottica

A data breach suffered by Luxottica has exposed the personal and health information of patients of LensCrafters, Target Optical, and EyeMed.

Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and Glasses.com. Its best known brands are Ray-Ban, Persol, and Oakley. Luxottica also makes sunglasses and prescription frames for designer brands such as Chanel, Prada, Giorgio Armani, Burberry, Versace, Dolce and Gabbana, Miu Miu, and Tory Burch.

The Italian company employs over 80,000 people and generated 9.4 billion in revenue for 2019.

Luxottica was hit by a ransomware attack that took place on September 18.

In October, the Italian website “Difesa e Sicurezza” reported that that the Nefilim ransomware operators have posted a long list of files that appear to belong to Luxottica.

The huge trove of files appears to be related to the personnel office and finance departments.

The analysis of the leaked files revealed that they contain confidential information regarding the recruitment process, professional resumes, and info about the internal structures of the Group’s human resource department.

The exposed financial data includes budgets, marketing forecast analysis, and other sensitive data.

Now the news of another data breach made the headlines, a security breach has exposed the personal and protected health information for patients of LensCrafters, Target Optical, EyeMed, and other eye care practices.

The partners share a web-based appointment scheduling platform that is used by patients to schedule appointments online or over the phone.

Luxottica disclosed a security breach in the appointment scheduling application that took place on August 5, 2020.

According to a “Security Incident” notification issued this week by the company, it first became aware of the hack on August 9 and, after investigating the attack, determined on August 28 that the threat actors gained access to patients’ personal information.

“On August 9, 2020, Luxottica learned of the incident, contained it, and immediately began an investigation to determine the extent of the incident. On August 28, 2020, we preliminarily concluded that the attacker may have accessed and acquired patient information,” the Luxottica data breach notification states.

The notification confirms the exposure of information including personal data (PII) and protected health information (PHI), such as medical conditions and history. For some patients, exposed information included credit card numbers and social security numbers.

“The personal information involved in this incident may have included: full name, contact information, appointment date and time, health insurance policy number, and doctor or appointment notes that may indicate information related to eye care treatment, such as prescriptions, health conditions or procedures,” Luxottica warned.

Luxottica is offering a free two-year identity monitoring service through Kroll to those patients who had their payment information and SSNs exposed.

At the time the company is not aware of fraudulent activities abusing the exposed data, anyway, it is recommending its patients to remain vigilant for any suspicious activities and monitor their credit statements and history.

“We recommend that all potentially impacted individuals take steps to protect themselves, for example by closely monitoring notices from your health insurer and health care providers for unexpected activity.” states the company is a statement published on a website set up after the incident. “If your payment card information and/or Social Security number were involved in this incident, this is explicitly stated in your letter.”

On October 27th, the company began to notify affected users.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]