Skip to main content

Ray-Ban parent company confirms ransomware attack

(Image credit: Shutterstock / hywards)

Update:
Luxottica has now confirmed that a ransomware attack is responsible for the widespread service outages affecting the organization.

The company claims that no customer data was accessed or stolen in the incident, but that its IT systems remain temperamental in the aftermath of the attack.

Original story:
Italian luxury eyewear company Luxottica appears to have fallen victim to a ransomware attack that took down its services in Italy and China.

Owner of popular brands including Ray-Ban and Oakley, the conglomerate employs circa 80,000 people worldwide across its various business segments.

Customers first noticed something was amiss when the websites of Luxottica-owned Ray-Ban, Sunglass Hut, LensCrafters, EyeMed and Pearle Vision went down.

Company web portals one.luxotrica.com and university.luxottica.com were also unavailable, this time serving up a maintenance alert.

Reports from Italian publication Ansa, meanwhile, suggest the service outage was caused by “computer system failure” and that employees working out of Italian offices in Agordo and Sedico were sent home as a result, with work made impossible.

Luxottica cyberattack

While Luxottica has not yet confirmed the cause of the outages, early signs suggest a cyberattack - and likely ransomware - is responsible.

According to security firm Bad Packets, Luxottica operates a Citrix ADX controller that suffers from a critical vulnerability that could allow a hacker to execute code on a target machine.

Citrix released a patch for the flaw back in January, but not all organizations have installed the relevant update and the exploit remains a popular attack vector among ransomware operators.

“Exploits of this issue on unmitigated appliances have been observed in the wild. Citrix strongly urges affected customers to immediately upgrade to a fixed build OR (sic) apply the provided mitigation,” warned the networking giant.

Only last week, for example, the vulnerability was used to launch an attack on a German hospital with devastating effects, illustrating the destructive potential of ransomware.

Luxottica has not yet responded to our request for comment on the nature of the outages and whether or not ransomware is responsible.

TechRadar Pro will update this article as more details emerge.

Via Bleeping Computer