Luxottica Needs to be Held Accountable For Their Data Mishandling
After being fined over $600,000.00 for a HIPAA related data breach, stemming from a August 2020 data breach, Luxottica admitted to a second much more serious Data Breach (that they claim to have learned about in November of 2022, meaning it went undiscovered for at least a year and a half.) This one occurred on about March 16, 2021 according to D3Lab srl security researcher Andrea Draghetti. Luxottica didn’t actually admit to this latest data breach until May 19, 2023, after the data was leaked online twice, though. First on April 30th, then on May 12th 2023. They delayed acknowledging the breach by at least 6 months. The customer information accessed and exfiltrated during the data breach included Full names, dates of birth, email address(es), address(es), and genders of some or all of the more than 74M people affected by this newest 300M record data breach. This is serious Personally Identifiable Information. A LOT of it. Exactly how much overlap between the 829...