Luxottica, the world’s largest eyewear company, has confirmed that it suffered a ransomware attack which led to the shutdown of its operations in Italy and China.
The conglomerate, whose eyewear frames account for about 10% of sales worldwide, is the owner of popular eyewear brands Ray-Ban, Oakley, and Persol. Luxottica also produces designer eyewear for fashion brands like Armani, Bulgari, Chanel, Prada, Ferrari, Giorgio Armani, Michael Kors, Burberry, Versace, Dolce and Gabbana, Miu Miu, and Tory Burch.
In addition, Luxottica operates eyecare providers like Pearle Vision, LensCrafters, and EyeMed, as well as eyewear retail outlets such as Sunglass Hut.
Last week, consumers reported that the websites for Ray-Ban, EyeMed, Pearle Vision, and Sunglass Hut were down. Several took to social media and shared speculation that the sites were hacked. At the same time, Luxottica’s own websites – one.luxottica.com and university.luxottica.com – were also reported down, displaying messages that the websites were “temporarily unavailable” and were undergoing maintenance.
Italian cybersecurity news portal SecurityOpenLab.it reported earlier this week that Luxottica’s offices in Agordo and Sedico, Italy, suffered “computer system failure.” Employees were sent an SMS message to stay home, as the offices were practically disabled. Several union sources later confirmed with news site Ansa that the employees were sent home due to “serious IT problems.”
A Luxottica employee eventually contacted BleepingComputer and confirmed that the company had been hit by a ransomware attack. According to the employee, the cyber incident occurred on Sunday evening, and it affected the company worldwide.
A security professional unattached to Luxottica later said that no data had been stolen during the malware attack, but this information has yet to be independently verified.
The malware attack plaguing Luxottica may have exploited a vulnerable Citrix ADX controller device, cybersecurity firm Bad Packets told BleepingComputer. The exploit is a favorite tactic among ransomware threat actors, allowing hackers to access an affected network and its credentials.