Luxottica, the world's largest eyewear company, based in Italy, is not only engaged in the sale of glasses. It also works with companies and with eye health care professionals through LensCrafters, Target Optical, EyeMed and Pearle Vision.
Data breach affected the appointment scheduling system
Luxottica issued a notice stating that its appointment scheduling application was affected by a data breach that took place on 5 August 2020.
The Italian company noticed the attack on August 9 and, after investigating it, found out (on August 28) that the attackers had gained access to patients' personal data.
"On August 9, 2020, Luxottica learned of the incident and immediately launched an investigation to determine the extent of the problem. On August 28, 2020, we concluded that the intruder may have access to patient information", Luxottica said in its statement.
Exposed information includes personal information (PII) and health information (PHI), including medical history.
In particular, according to Luxottica, the exposed information may include: full name, contact details, date and time of appointment, security number and doctor's notes that may indicate information about eye treatment / care (e.g. prescriptions, etc.).
Credit card numbers and social security numbers of some patients may also have been exposed.
In the event that such information is exposed, Luxottica offers a free "identity monitoring service" for two years through Kroll.
No evidence of misuse of the exposed information has been found, but Luxottica urges patients to be alert to possible notifications from health insurers or healthcare providers and to monitor their credit cards and transactions (to confirm that nothing strange is happening).
On October 27, Luxottica began sending alerts to those affected. It has also published press releases on websites and in local newspapers to alert patients to the data breach.
Recently, another attack on Luxottica became known, carried out by the Nefilim ransomware gang. The attack took place on September 18, 2020 and caused significant disruptions, while also leading to the theft of unencrypted files.
Source: Bleeping Computer