Eyewear Giant Luxottica Confirms Ransomware Attack


Luxottica, the world’s largest eyewear manufacturer, has suffered a ransomware attack that forced the company to shut down operations.

According to Italian media outlets, operations at Luxottica plants in Agordo and Sedico were disrupted due to a significant computer system failure. Employees were sent home via an SMS announcing that “the second work shift of today September 21 is suspended” due to “serious IT problems.”

The attack also affected the websites for Luxottica portals and company-owned brands. The sites for Ray-Ban, Sunglass Hut, LensCrafters, EyeMed, and Pearle Vision were temporarily unavailable and displayed an under-maintenance notification.

Although the company has not made a public statement, Luxottica’s information security manager, Nicola Vanin, has confirmed the ransomware attack via LinkedIn.

In a message posted on September 22, Vanin said that there had been no signs of data access or theft and that the procedure for cleaning up compromised servers had already begun.

“There is currently no access or theft of information from users and consumers,” the post reads. “Once the event was analyzed, the clues were collected in less than 24 hours, and the procedure for cleaning up the affected servers began. Work activities are progressively returning to normal in the Milano plants and headquarters.”

As the year unfolds, it seems that more and more companies and organizations fall victim to ransomware attacks. BleepingComputer reported that the attack on Luxottica’s network was possible due to an unpatched vulnerability found in Citrix devices (CVE-2019-19781).

The same vulnerability was exploited in the ransomware attack on Düsseldorf University Hospital, which led to the death of a patient in need of emergency care.