Patient Information Exposed in Targeted Luxottica Data Breach
Luxottica Group S.p.A, the World’s largest company in the eye industry that designs, manufactures, distributes, and retails its eyewear brands that include Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Ray-Ban, Oakley, Oliver Peoples, Ferrari, Michael Kors, Target Optical, LensCrafters, Eyemed vision care plan, and Glasses.com recently got hit by a ransomware attack.
The attack took place on August 5, 2020. In a data brief notification posted on the Company’s website, Luxottica stated that; “On August 9, 2020, Luxottica learned of the incident, contained it, and immediately began an investigation to determine the extent of the incident. On August 28, 2020, we preliminarily concluded that the attacker may have accessed and acquired patient information,”
The notification confirmed that personal data (PII) and protected health information (PHI), such as medical conditions and history were amongst the information exposed; with some patients also having their credit card numbers and social security numbers stolen.
Luxottica further stated that; “The personal information involved in this incident may have included: full name, contact information, appointment date and time, health insurance policy number, and doctor or appointment notes that may indicate information related to eye care treatment, such as prescriptions, health conditions or procedures,”
Luxottica also urged their affected clients to be extra vigilant for any suspicious activities and monitor their credit statements and history. They stated; “We recommend that all potentially impacted individuals take steps to protect themselves, for example by closely monitoring notices from your health insurer and health care providers for unexpected activity.” states the company is a statement published on a website set up after the incident. “If your payment card information and/or Social Security number were involved in this incident, this is explicitly stated in your letter.”
Luxottica began notifying affected users on October 27th and offered a free two-year identity monitoring service through Kroll to those patients who had their payment information and Social Security Numbers exposed.
References
Contact Us
Learn more about what Techcess CyberSecurity Group can do for your business.
1-833-TXCYBER
1-833-892-9237
Techcess CyberSecurity Group
6110 Clarkson Lane
Houston, Texas 77055
Techcess CyberSecurity Group
Houston, Texas 77055