SECURITY NOTICE: Luxottica data breach

SECURITY NOTICE: Luxottica data breach

Published

CSIT staff routinely check Internet sites for news regarding data breaches which might impact our faculty, staff and students.  We recently learned of a major data breech centered around the eye glass monopoly Luxottica. Luxottica makes glass frames for almost all major brands, lenses, owns major retailers like Pearl Vision and even owns EyeMed Insurance.  The data breach in question impacts 154 people with an NWU email address.  (The specific NWU email addresses are not available to us now.)

On March 16th, 2021 a hacker exflitrated 77.1 million unique records from Luxottica's databases. These records include email addresses, names, birth dates, phone numbers, and physical addresses.  The data was up for sale on a hacking site in November 2022. What brought the incident to the forefront is on April 30th and May 12th, the data showed up for free in some hacking forums.  The fact it was posted in full for free raises the possibility that more threat actors can use the data for nefarious purposes.  This possibility warrants a warning.

Unfortunately, there are limits to what can be done.  Luxottica is not a US company, so the US laws do not apply.  The best recommendation is to stay vigilant in how you reply to emails as more could be phishing.  Also, monitor your credit score through pay or free services.

For more information regarding the Luxottica breach, consult Data breach confirmed by Luxottica after leak of over 70M customers' records | SC Media (scmagazine.com) .  Thanks for Arianna Brandstetter for prompting this alert.

Recent news