The 2021 data breach at the eyewear conglomerate Luxottica came as a real shock to the 77,093,812 users whose personal data was exposed.
But cybersecurity experts weren’t too surprised: they know online attacks are now a part of daily life.
According to a UK government survey, hackers attacked 50% of businesses and 32% of charities during 2023. Almost three-quarters (74%) of larger businesses were attacked, usually through simple phishing scams, but also through impersonating other organizations and launching viruses and other malware.
As the owner of the world’s leading eyeglasses manufacturers, stores, and insurance companies, Luxottica should have been better prepared.
In this article, we’re going to analyze what went wrong in the Luxottica data breach and what consumers and other organizations can learn.
While the Luxottica data breach was perpetrated in 2021, the actual extent of the information leaked only became clear when the data was posted publicly in April 2023.
Let’s shed some new light on this shady situation.
In 2022, a hacker going by the name “sin” on the dark web site Breached began advertising the information of 77,093,812 users exposed by the breach for private sale. The next year, the full database was leaked for free on online forums, renewing concerns that the data breach was more comprehensive than originally thought.
According to the company itself, the leak stemmed from a vaguely described incident at a third-party retail vendor, whose systems stored only personal information as opposed to more sensitive material.
Luxottica has been slow to update its clients about the case. Sure, they reported it to the Italian Police and the FBI, who shut the Breached website down. However, the company’s stock price at the time showed no signs of any meaningful drop, and there has been no effort to compensate its customers for the breach.
Luxottica Vision is the world's largest provider of eyewear, owning brands like Burberry, Oakley, Dolce and Gabbana, Chanel, and Ray-Ban, as well as a vision insurance company.
Although the common claim that Luxottica controls 80% of the eyewear market is dubious, it at least gives you an idea of the size of its clientele.
Over 300 million records from 77,093,812 different users were involved in the leak—an enormous number by any standard. Because of the combination of medical, financial, and personal information included in their databases, Luxottica's data breach could have been even more damaging for those involved.
If you've bought a pair from a local boutique or mega-retailer, or clicked to buy online, it's time to “focus” and reach out to ascertain the safety of your data. Additionally, if EyeMed Insurance is your go-to, or if LensCrafters is where you get your vision checked, you might be in the affected spectrum as a potential victim.
While the extent of the damage is still being determined in some cases, Luxottica did confirm that the data leaked includes:
In a statement to cyber security news site BleepingComputer, Luxottica claimed:
“The data does not include individuals’ financial information, social security numbers, login or password data, or other information that would compromise the safety of our customers.”
This breach was targeted at Luxottica itself—not more specifically at one of its subsidiaries. That means that any of the companies under the Luxottica umbrella could have been impacted:
Brands under license:
Anyone who has been notified that their data was included in the Luxottica data breach should immediately:
The reach of Luxottica is vast, so even if you haven’t heard of the company, it doesn’t mean you’re safe.
The Luxottica data breach proves that no company is too big to be hacked. Therefore, you can’t rely on any site to keep your password 100% safe. Changing to a strong password with a mix of uppercase, lowercase, numbers, and special characters is your first port of call.
You need to have a different password for every app, too. If bad actors get hold of your username and password from a leak like Luxottica, they may try to use them to access different sites.
Sure, it’s not easy to remember a list of different passwords, so an increasing number of security-focused people are turning to solid password managers. Google Password Manager is often the first that comes to mind since it’s easy to use and built right into Chrome.
However, because Chrome is the world’s top browser, it’s a seductive target for hackers. On top of that, Google Password Manager has limited biometric and 2FA authentication and lacks the “zero knowledge” ethos of password management, leaving your user information vulnerable.
Fortunately, advanced password managers like Cloaked will generate new, complex passwords with a few clicks and protect you with encrypted password-protected links and one-time passcodes.
Cloaked’s password manager in action, concealing your ID online
For greater security, you can enable two-factor authentication to enter the Cloaked app, blocking hackers even if they uncover your password.
Monitoring your information is one of the best habits to begin if you’re serious about safeguarding your personal information. For example, having credit monitoring services in your toolbox alerts you about any anomalies in your spending and account behavior. If password management is a proactive initiative, credit monitoring allows you to stamp out any breaches after the fact.
Leading cyber security apps now offer identity theft protection, with features like identity insurance, profile restoration, and credit records balancing. This is an excellent solution in a world where hackers are always one step ahead of the defenses of companies like Luxottica.
Cloaked has recently launched a product to scan for and actively remove your information from the web. The risk assessment scan will determine your level of risk before deleting any occurrences of your data from 120+ data brokers and websites. This helps to make you less vulnerable to fraud, scams, and phishing attempts.
It may not surprise you that this isn’t the first breach at Luxottica. Back in June 2020, 2.1 million patients of EyeMed Vision Care, Luxottica’s vision insurance company, suffered a breach that included personal contact information, social security numbers, medical diagnoses and conditions, and treatment information. The hacker then used an EyeMed Vision Care account to send out phishing emails, which caused even more damage.
A case brought by state attorneys general from Oregon, New Jersey, Florida, and Pennsylvania found that EyeMed had failed to uphold HIPAA (Health Insurance Portability and Accountability Act) and state laws. The investigation found a range of poor security practices, such as multiple EyeMed employees sharing a single password for a sensitive email account, only partial two-factor authentication, and risk assessment failures.
Fast-forward to the 2021 Luxottica data breach case and it seems a data breach lawsuit may be more difficult. Because Luxottica is a non-US company, US laws do not apply. However, keep an eye on news relating to the case to identify whether you’re eligible for compensation.
As more people become aware of the need for online identity protection, they’re looking to technology like Cloaked for comprehensive solutions to keep them safe.
Cloaked allows you to:
It’s fair to say Luxottica has been rather cagey about the information they have released regarding the data breach. Not offering specifics on where or how the breach happened doesn’t exactly inspire confidence.
Similarly, the company doesn’t inspire confidence when it claims to have identified the breach through “proactive monitoring procedures” when it is generally accepted to have been discovered when the data was put up for sale.
For more information closely related to the most recent Luxottica data breach, take a look at these questions.
Yes, Luxottica experienced a significant data breach in 2021. Exposed on various hacking forums in 2023, the breach included the names, email addresses, physical addresses, phone numbers, and dates of birth of over 77 million customers.
A previous breach occurred in 2020, compromising more serious data such as social security numbers, medical diagnoses and conditions, and treatment information of 829,454 customers from EyeMed, a subsidiary of Luxottica.
The controversy surrounding Luxottica revolves around its multiple data breaches and its dominant position in the eyewear market. The company's data breaches exposed the sensitive information of millions of customers, raising concerns about its cybersecurity practices and data protection measures.
Additionally, Luxottica's market dominance controversies lie in allegedly inflating prices by 1,000% and using its position to run a hostile takeover of Oakley.
Luxottica, the world's largest eyewear company, has had significant data breaches. The breaches in 2020 and 2021 exposed the personal information of millions of customers, making them among the most notable data breaches in the eyewear industry.
The 2013 Yahoo database infiltration wound up affecting more than three billion Yahoo accounts worldwide. Unlike Luxottica’s breach, it continued for over three years, leading to Yahoo paying out $35 million and finding itself in other class-action lawsuits.
Minimizing the amount of information available about you online doesn't have to be difficult. With Cloaked, you can “clear” your vision. Cloaked allows you to create unique identities for every new account and connection, putting you in control of access to your data.
Click here to get started with Cloaked and protect yourself from cyber threats.