Data breach affects Ray-Ban manufacturers. Data is filtered from LensCrafters, Target Optical, EyeMed and other firms
Luxottica, the world’s largest eye glasses company, suffered a data breach that resulted in the exposure of patients’ personal information from multiple eye clinics, including LensCrafters, Target Optical, EyeMed, among others. Luxottica owns major eye glasses brands such as Ray-Ban, Oakley, Michael Kors, Armani, Prada and Chanel.
In addition to the production of glasses, Luxottica also operates the eye care company EyeMed, partnering with eye care professionals as part of its LensCrafters, Target Optical, EyeMed and Pearle Vision retail outlets. These partners gain access to a web-based appointment scheduling app that allows patients to schedule appointments online or over the phone.
Through a security alert issued a few days ago, the company revealed that its dating scheduling software was the target of a cyberattack that resulted in the data breach in August 2020. Luxottica reports that the incident was detected on August 9 and, after a month of investigation, it was concluded that those responsible for the attack accessed confidential patient information.
The exposed records include confidential user information, featuring health data and personal details: “The information involved in this incident includes full names, contact details, security policy numbers, notes from the physicians responsible for the patient, prescriptions, procedures, among other details,” Luxottica adds in his message.
The company notes that some patients’ financial information may also have been compromised. In such cases, Luxottica offers two years of free credit monitoring to affected customers.
On the other hand, Luxottica reports not being aware of any incident related to the malicious use of compromised information, although it recommends that its customers verify the activity in their bank accounts in order to detect possible malicious behavior: “We recommend that users take steps to protect themselves against possible attempts at bank fraud and monitor any unauthorized movement”, adds the company.
On 27 October, Luxottica began sending mail notifications to those affected. The company also began publishing press releases on multiple news websites to give the incident as much dissemination as possible.