IOTW: Luxottica confirms 2021 data leak of 70 million customers’ information

Italian eyewear brand Luxottica, parent company of Ray-Ban and Oakley, has confirmed that the data of more than 70 million customers was accessed in 2021.

The data was exposed after a third-party data storage provider used by Luxottica suffered a cyber attack. It has not currently been made public how the hackers gained access to its network, or which company the third party was. The data breach and theft was revealed after a malicious actor posted a database of the information for sale on the dark web from April 30 to May 12.

In a statement to cyber security news site BleepingComputer, Luxottica confirmed the breach, saying it was the result of a cyber attack in 2021 against a third-party contractor that stores its customer data. The eyewear company also shared that the data accessed includes the names, email and home addresses, phone numbers and dates of birth of its customers. The data, however, did not include any payment information or other sensitive or compromising information, like social security numbers or login credentials.

The company said it discovered the breach through “proactive monitoring procedures” and immediately reported it to the Federal Bureau of Investigation (FBI) and the Italian police once it was revealed. According to Luxottica, the owner of the site that hosted the stolen information has now been arrested, the website shut down and an investigation into the cyber attack launched.

Luxottica has additionally informed the Italian Data Protection Authority (Garante per la protezione dei dati personali) about the breach and will be “considering other notification obligations”. The company says it “remains confident that its systems were not breached and its network remains secure”.

An investigation into how the breach took place remains ongoing.


Top admin of hacking forum arrested

There have been crackdowns against dark web sites in recent months, with the FBI shutting down the notorious dark web hacking site BreachForums after arresting its top admin in March of this year.

The administrator of the site, who went by ‘Pompompurin’ and was named as Conor Brian Fitzpatrick by the FBI, was allegedly arrested by the Bureau on March 15 on suspicion of hosting and running the forum. BreachForums was thought to be the reincarnation of RaidForums, a similar dark web site that was investigated and subsequently shut down by the FBI in April 2022.

It has been used by a number of hackers to break news of data breaches they have committed and as a marketplace for selling the data stolen in these breaches. Large databases of victims’ information have been posted to the site, including those involved in the Medibank data leak, which affected over 9.7 million people.

On March 21, a new admin for BreachForums, who uses the screen name ‘Baphomet’, made a post via the site’s official Telegram channel. Baphomet said it was the “final update for Breached” and that he would be “taking down the forum”.

“I believe we can assume that nothing is safe anymore. I know that everyone wants the forum up, but there is no value in short term gain for what will likely be a long term loss by propping up Breached as it is,” he added.

The reference to “nothing [being] safe” was likely an allusion to the fact that the FBI has taken control of the forum. When the FBI shut down RaidForums in April 2022, the organization seized all its servers and domains, allowing them access to all posts before it was shut down.
