Luxottica, one of the biggest eyewear manufacturers in the world, was hit by a cyberattack on Sunday, September 20. The attack, confirmed by local cybersecurity company Femca-Cisl, involved malware. In response to the compromise, Luxottica shut down its computer systems. Fortunately, the cyberattack was unsuccessful and no information was stolen.
The cyberattack took place in Agordo and Sedico and was preceded by crashes of Luxottica’s subsidiary websites such as ‘One Luxottica’ and ‘University Luxottica’. The websites of Ray-Ban, SunglassHut, and LensCrafters also crashed a few days before the main cyberattack.
Luxottica information security manager Nicola Vanin confirmed on LinkedIn that the company has been the victim of a cyberattack. He also admitted that the attack impacted its operations worldwide. He further clarified that no information had been stolen.
Employees of Luxottica received an SMS from the administration stating that the second shift of September 21 was cancelled due to an unspecified “computer system failure.” They were asked to go home.
Local media reports suggest that the decision to disconnect all servers was made as a precaution, that the systems were restarted in the subsequent hours, and that the cybersecurity systems were activated and “held up” against the attack.
According to a statement given by cybersecurity firm Bad Packets to BleepingComputer, the attack on Luxottica was triggered when hackers exploited a vulnerability in a Citrix ADC controller. This is a flaw that is commonly exploited by ransomware groups.
Luxottica is one of the largest merchandise conglomerates in the world, and a successful ransomware attack would be devastating to the company. Notably, it owns some of the Chanel, Prada, Armani, Ray-Ban, and Coach, among others.