On August 9, 2020, Luxottica of America Inc. experienced a data breach due to an **automated cyberattack**, reported by the Washington State Office of the Attorney General on October 27, 2020. The incident compromised the **personal information of approximately 12,166 individuals**, including highly sensitive data such as **names, Social Security numbers, and health-related records**. The breach stemmed from an external cyber intrusion, exposing individuals to potential risks like **identity theft, financial fraud, and unauthorized access to medical details**. While the exact method of the attack (e.g., phishing, exploit of a vulnerability) was not specified, the scale and nature of the exposed data—particularly **SSNs and health information**—indicate a severe privacy violation with long-term repercussions for affected parties. The company was legally obligated to notify impacted individuals and regulatory bodies, though the broader operational or reputational consequences for Luxottica were not detailed in the report. The incident underscores the vulnerabilities in handling **sensitive customer data**, especially when automated cyberattacks exploit systemic weaknesses. No ransomware demands were mentioned, but the **leak of personal and health data** aligns with high-severity impacts under data protection frameworks.
TPRM report: https://www.rankiteo.com/company/essilorluxottica
"id": "ess023091825",
"linkid": "essilorluxottica",
"type": "Cyber Attack",
"date": "8/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 12166,
'industry': 'Retail (Eyewear)',
'location': 'United States',
'name': 'Luxottica of America Inc.',
'type': 'Corporation'}],
'data_breach': {'number_of_records_exposed': 12166,
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2020-08-09',
'date_publicly_disclosed': '2020-10-27',
'description': 'The Washington State Office of the Attorney General reported '
'a data breach involving Luxottica of America Inc. on October '
'27, 2020. The breach occurred on August 9, 2020, due to an '
'automated cyberattack affecting approximately 12,166 '
'individuals, and potentially compromising personal '
'information including names, Social Security numbers, and '
'health-related data.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'health-related data'],
'identity_theft_risk': 'High (PII exposed)'},
'post_incident_analysis': {'root_causes': 'Automated cyberattack '
'(unspecified)'},
'references': [{'date_accessed': '2020-10-27',
'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Washington State '
'Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Attorney General'},
'title': 'Luxottica of America Inc. Data Breach (2020)',
'type': 'Data Breach'}