Threat Watch

Luxottica Data Breach

Luxottica, the world’s largest eyewear company, has disclosed a data breach that exposed the personal and protected information of patients of LensCrafters, Target Optical, EyeMed, and other eye care practices. Luxottica has released a “Security Incident” notification this week stating that their appointment scheduling application suffered a data breach on August 5th, 2020. The company stated that they first learned of the breach on August 9th and investigated the attack, the investigation concluded that the attacker may have gained access to patient information. The personal information involved may have included the patient’s full name, contact information, appointment date and time, health insurance policy number, physicians’ notes, and for some patient’s credit card and social security numbers (SSN). Luxottica is not aware of any misuse of the exposed data, but they advise all impacted people to be vigilant in monitoring their information. 

ANALYST NOTES

Luxottica has begun to notify affected individuals by mail and if the personal SSN or payment information was involved, the company is offering a free two-year identity monitoring service through Kroll. It is recommended that if a person believes that their information was involved, they should monitor their banking institutions carefully for any unusual activity. If any unusual activity is found, the activity should be reported to the banking institution so that it can be investigated.

Source Article: https://www.bleepingcomputer.com/news/security/luxottica-data-breach-exposes-lenscrafters-eyemed-patient-info/