IOTW: Luxottica confirms 2021 data leak of 70 million customers’ information

The breach was discovered after data was put up for sale on the dark web

Olivia Powell
05/25/2023

Italian eyewear brand Luxottica, parent company of Ray-Ban and Oakley, has confirmed that the data of more than 70 million customers was accessed in 2021.

The data was exposed after a third-party data storage provider used by Luxottica suffered a cyber attack. It has not yet been made public how the attackers gained access to the provider's network, or which company the third party was. The breach and data theft came to light after a malicious actor posted a database of the information for sale on the dark web from April 30 to May 12.

In a statement to cyber security news site BleepingComputer, Luxottica confirmed the breach, saying it was the result of a cyber attack in 2021 against a third-party contractor that stores its customer data. The eyewear company also shared that the data accessed includes the names, email and home addresses, phone numbers and dates of birth of its customers. The data, however, did not include any payment information or other sensitive or compromising information, such as social security numbers or login credentials.

The company said it discovered the breach through “proactive monitoring procedures” and immediately reported it to the Federal Bureau of Investigation (FBI) and the Italian police once it was revealed. According to Luxottica, the owner of the site that hosted the stolen information has now been arrested, the website shut down and an investigation into the cyber attack launched.

Luxottica has additionally informed the Italian Data Protection Authority (Garante per la protezione dei dati personali) about the breach and will be “considering other notification obligations”. The company says it “remains confident that its systems were not breached and its network remains secure”.

An investigation into how the breach took place remains ongoing.

Top admin of hacking forum arrested

There have been crackdowns against dark web sites in recent months, with the FBI shutting down the notorious dark web hacking site BreachForums after arresting its top admin in March of this year.

The administrator of the site, who went by ‘Pompompurin’ and was named as Conor Brian Fitzpatrick by the FBI, was allegedly arrested by the Bureau on March 15 on suspicion of hosting and running the forum.

BreachForums was thought to be the reincarnation of RaidForums, a similar dark web site that was investigated and subsequently shut down by the FBI in April 2022.

It has been used by a number of hackers to break news of data breaches they have committed and as a marketplace for selling the data stolen in these breaches. Large databases of victims’ information have been posted to the site, including data from the Medibank data leak, which affected over 9.7 million people.

On March 21, a new admin for BreachForums, who uses the screen name ‘Baphomet’, made a post via the site’s official Telegram channel. Baphomet said it was the “final update for Breached” and that he would be “taking down the forum”.

“I believe we can assume that nothing is safe anymore. I know that everyone wants the forum up, but there is no value in short term gain for what will likely be a long term loss by propping up Breached as it is,” he added.

The reference to “nothing [being] safe” was likely an allusion to the fact that the FBI had taken control of the forum. When the FBI shut down RaidForums in April 2022, the agency seized all of its servers and domains, giving it access to every post made before the site was taken offline.
