What happened

According to public breach records, the Luxottica data breach on March 16, 2021 is reported to have exposed the personal information of 77,093,812 accounts.

In March 2021, the world's largest eyewear company, Luxottica, suffered a data breach via one of its partners that exposed the personal information of more than 70M people. The data was subsequently sold via a popular hacking forum in late 2022 and included email and physical addresses, names, genders, dates of birth and phone numbers. In a statement, Luxottica advised that it was aware of the incident and was "considering other notification obligations".

In May 2023, Luxottica, the world's largest eyewear company, confirmed a 2021 data breach in which personal information tied to roughly 70 million customers was published online; the exposed database originated with a third-party contractor that held Luxottica retail customer data, not Luxottica's own core systems. Data exfiltration was traced to around March 16, 2021 based on the most recent records, and the database, containing about 305 million lines and 74.4 million unique email addresses, was first sold privately on hacking forums in late 2022 before being released for free in April-May 2023. The leaked records included names, email and physical addresses, phone numbers, and dates of birth, but notably did not contain Social Security numbers, passwords, login credentials, or financial/payment information.

What data was exposed

The following types of personal data were compromised:

  • Dates of birth
  • Email addresses
  • Genders
  • Names
  • Phone numbers
  • Physical addresses

Breach details

Detail | Value
Breach name | Luxottica
Date | March 16, 2021
Accounts affected | 77,093,812
Domain | luxottica.com

This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.

We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Luxottica; it reflects a publicly reported security incident.

What to do now

Based on the data exposed in this breach, here are the steps you should take:

  • Treat email and phone number as exposed: be wary of unsolicited messages, especially anything referencing eyewear brands (Ray-Ban, Oakley, etc.) or posing as customer support, and never click links or share codes from such messages.
  • Because names, dates of birth, and physical addresses leaked together, watch for targeted identity-verification scams and consider placing a fraud alert with the credit bureaus even though no SSN was exposed.
  • Enable two-factor authentication on the email account tied to this address, since a leaked email is a common starting point for account-takeover and phishing.
  • Report phishing texts/emails and consider using a unique email alias for retail accounts going forward to limit future spam and phishing exposure.

Check your exposure

Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
