The eyewear giant Luxottica has disclosed a data breach affecting its appointment scheduling application that exposed personal and health information of patients of LensCrafters, Target Optical, and EyeMed practices.
Luxottica is the world's largest eyewear company that owns a well-known eyeglass brands, including Ray-Ban, Oakley, Oliver Peoples, Ferrari, Michael Kors, Bulgari, Armani, Prada, Chanel, and Coach.
In a "Security Incident" notification posted on its website the company said that the data breach is a result of a hack, which took place on August 5, 2020. During the intrusion an unauthorized person accessed the Luxottica-managed web application used for appointment scheduling.
“On August 9, 2020, Luxottica learned of the incident, contained it, and immediately began an investigation to determine the extent of the incident. On August 28, 2020, we preliminarily concluded that the attacker may have accessed and acquired patient information,” the company said.
The affected information may have included full name, contact information, appointment date and time, health insurance policy number, and doctor or appointment notes that may indicate information related to eye care treatment, such as prescriptions, health conditions or procedures. For some patients, credit card numbers and social security numbers were also exposed.
Luxottica says it has no evidence that compromised personal information is being misused, but nevertheless advises all patients to remain vigilant.
