Luxottica data breach exposes LensCrafters, EyeMed patient info

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/luxottica-data-breach-exposes-lenscrafters-eyemed-patient-info/

A Luxottica data breach has exposed the personal and protected health information for patients of LensCrafters, Target Optical, EyeMed, and other eye care practices.
Luxottica is the world's largest eyewear company with a portfolio of well-known eyeglass brands, including Ray-Ban, Oakley, Oliver Peoples, Ferrari, Michael Kors, Bulgari, Armani, Prada, Chanel, and Coach.

In a "Security Incident" notification issued this week, Luxottica disclosed that their appointment scheduling application suffered a data breach after being hacked on August 5th, 2020. [...]

"We recommend that all potentially impacted individuals take steps to protect themselves, for example by closely monitoring notices from your health insurer and health care providers for unexpected activity. If your payment card information and/or Social Security number were involved in this incident, this is explicitly stated in your letter," Luxottica advised on a web site created specifically for this data breach.

On October 27th, Luxottica has begun to mail notices to those who are affected. They have also started releasing press releases on websites for local newspapers to alert patients of the data breach.

Luxottica data breach exposes 820K EyeMed, LensCrafters patients

A Luxottica data breach has exposed the personal and protected health information of 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices.

www.bleepingcomputer.com

 

[mazskolnieces]

Perfect example of "your data is out there and what happens on your local host is irrelevant."

Everybody focuses all their security, privacy and anonymity efforts on their local host, when in fact, the greatest threat is to their data out there (put out there by the user in most cases) on commercial and government systems.

 

[Gandalf_The_Grey]

Perfect example of "your data is out there and what happens on your local host is irrelevant."

Everybody focuses all their security, privacy and anonymity efforts on their local host, when in fact, the greatest threat is to their data out there (put out there by the user in most cases) on commercial and government systems.

Correct, but not all by choice. You can at least try to minimize the data out there on you, but you can't avoid it completely.

 

[klepto]

You can check all the boxes to protect your privacy at home but when you just want some sunglasses and they want your name, address and more things have gotten out of hand. Hell, every grocery store has some loyalty card and jacks the prices up on you if you don't have one. I can't wait for MySudo or Privacy.com to make an apple pay like system so I can give out some fake info and pay with a virtual credit card.

 

[mazskolnieces]

You can at least try to minimize the data out there on you

You cannot minimize your data via the available methods to the extent that it meaningfully increases privacy or security. Of course going off grid and 100 % cash is an option, but even then when you use services and buy goods you still have to provide valuable personal data that gets put onto, retained and spread by data systems.

Using privacy tweaks, privacy browser extensions and VPN reduce the undesirable sharing of a person's data only to the equivalent of a few grains of sand on a beach.

That is the fundamental problem. The whole privacy\security thing is a lot more about feeling private\safe as opposed to anything that makes any kind of real difference.

 

[silversurfer]

Luxottica data breach exposes 820K EyeMed, LensCrafters patients

A Luxottica data breach has exposed the personal and protected health information of 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices.

www.bleepingcomputer.com

Update 11/12/20: A new notification filed with the U.S. Department of Health and Human Services indicates that this breach affected 829,454 patients and is classified as a "Hacking/IT Incident."
All affected users should have been notified via email at this point. If you have not been notified and are concerned your information was exposed, you can contact Luxottica at (877) 540-1431.