Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search

A Threat Actors Posts Update on Luxottica’s 2021 Data Breach

Redazione RHC : 25 July 2024 17:32

Recently, a threat actor in a clandestine forum posted an update on the 2021 data breach concerning the giant Luxottica, one of the world’s largest eyewear companies. According to the post, the breach allegedly exposed extensive personal information of millions of individuals. This article explores the details of the alleged breach based on information provided by the threat actor.

At this time, we cannot confirm the veracity of the news, as the organization has not yet issued any official press release on its website regarding the incident. Therefore, this article should be considered an ‘intelligence source.’

Details of the Alleged Breach

According to the post made by the threat actor, who uses the pseudonym “Voided,” the breach involves a substantial dataset that allegedly belongs to Luxottica. The threat actor claims that an earlier version of the leaked data was incomplete, missing significant details such as apartment/building numbers, genders, birth dates, work numbers, and phone numbers for some records.

SCORSO DEL 25% SUL CORSO NIS2 FINO AL 31 DICEMBRE!
La direttiva NIS2 rappresenta una delle novità più importanti per la sicurezza informatica in Europa, imponendo nuovi obblighi alle aziende e alle infrastrutture critiche per migliorare la resilienza contro le cyber minacce. Con scadenze stringenti e penalità elevate per chi non si adegua, comprendere i requisiti della NIS2 è essenziale per garantire la compliance e proteggere la tua organizzazione.

Accedi alla pagina del corso condotto dall'Avv. Andrea Capelli sulla nostra Academy e segui l'anteprima gratuita.

Per un periodo limitato, potrai utilizzare il COUPON NIS-84726 che ti darà diritto ad uno sconto del 20% sul prezzo di copertina del corso
Per ulteriori informazioni, scrivici ad [email protected] oppure scrivici su Whatsapp al 379 163 8765 

Supporta RHC attraverso:


Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.

Support Red Hot Cyber through Purchasing the comic on Cybersecurity Awareness By following RHC on WhatsApp By following RHC on Telegram Download free “Dark Mirror,” Dark Lab’s ransomware report The complete data record is as follows:

first_name,middle_name,last_name,birth_date,gender_ind,home_email_address,home_uncleansed_email_address,work_email_address,home_address_1,home_address_2,home_city,home_state_province_code,other_address_1,home_phone_number,work_phone_number,bill_phone_number,ship_phone_number,cell_phone_number,fax_phone_number,phone_preference,email_preference

In their post, the actor revealed that the original 2023 leak contained an unreadable 120GB database along with a smaller, more user-friendly 17GB version.

The threat actor stated that he deleted the “nice version” but kept the raw database.

About the Threat Actors’ Target

Luxottica Group S.p.A. is a multinational corporation headquartered in Italy, primarily involved in the design, manufacture, and distribution of fashion, luxury, and sports eyewear. With operations in more than 150 countries and about 80,000 employees, Luxottica owns several well-known brands including Ray-Ban, Oakley, and Persol, and also produces eyewear for numerous fashion houses such as Chanel and Prada. The motive behind this breach, as with many cyber attacks, could range from financial gain through the sale of personal data to damaging Luxottica’s reputation. Given the company’s prominent position and large customer base, the data could be highly valuable to malicious actors.

Implications of the Breach

The alleged Luxottica data breach could have implications for both the company and its customers.

Exposure of sensitive personal information such as birth dates, phone numbers, and addresses increases the risk of identity theft and fraud. In addition, detailed information about individuals’ workplaces and phone numbers could be exploited for targeted phishing attacks and social engineering schemes. As is our custom, we always leave room for a statement from the company should they wish to give us updates on the matter.

We will be happy to publish such information with a specific article giving prominence to the matter. RHC will monitor the development of the matter so as to publish further news on the blog if there is substantial news. Should there be persons with knowledge of the facts who wish to provide information anonymously, they can use the encrypted whistleblower email.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.