Luxottica Breach

​In March 2021, Luxottica, the world's largest eyewear company, experienced a significant data breach through a third-party contractor managing its customer data. The breach exposed personal information, including names, email addresses, phone numbers, physical addresses, and dates of birth of over 100 million customers.

The company became aware of the incident in November 2022 when the compromised data was found being sold on the now-defunct BreachForums hacking platform. Subsequently, in April and May 2023, the data was leaked for free on various hacking forums, making it widely accessible to malicious actors. ​

Upon discovering the breach, Luxottica confirmed that the incident originated from a security breach at a third-party vendor and that its internal systems were not compromised. The company reported the incident to the FBI and Italian law enforcement authorities and notified the Italian data protection authority. Luxottica stated that it was evaluating its notification obligations under applicable data protection laws. ​