Listen to this story
A thread by Threat Actor Sin has claimed to auction the data of Italian eyewear conglomerate Luxottica Group. The eyewear brand is one of the leaders in manufacturing luxury and sports eyewear and has over 7400 optical and sun retail stores in North America, Asia-Pacific, and China. The threat actor allegedly claimed to be “buying” the data of Luxottica’s clients.
In 2020, the luxury eyewear brand was a victim of a data leak attack where 829,454 patients were impacted. Prior to that attack, the company faced the notorious Nefilim ransomware gang, which released the stolen data from the company on the dark web. Now, a threat group believed to go by the name TA Sin has reported auctioning the data stolen from the eyewear brand. As per sources, the claims thread was posted on the popular cyber forum Breachforums and later moved to verified marketplaces.
Luxottica Group data leak: Is it real?
At the time of writing, the TA claimed to obtain the data “legally” from a third party but refused to clarify this bizarre ordeal about the authenticity of where it got the data from and who the supplier was. According to sources, the sample data was worth 1GB and had some private information about individuals, including their first names, middle names, physical addresses, email addresses, order details, and other PII.
Another thing to consider in this data leak is that the threat actor had previously posted data from a popular music streaming service Deezer. The data published by the malicious actor was also verified to be authentic by the forum’s administrator. These events and evidence lead to believing that the actor is active and is running wild in the public domain.
Breachforums is a popular website used by threat actors to create threads to advertise the sale and purchase of data. However, being an Ecommerce of stolen data, it implements certain rules and regulations.
For starters, the forum has a subsection where TAs can publish their offers, samples, and leaks. But the only limitation is that the admin must verify the leak before posting it. To create the forum spam free, each TA, including the one that claims to have stolen the Luxottica Group data, must provide proof of access or origin of data.
Earlier this year, Moncler, an Italian luxury fashion brand, revealed a similar incident where the company experienced a data breach after the BlackCat ransomware gang stole its files and documents. In January 2022, Aditya Birla Fashion and Retail, a fashion retail company in India, also suffered a cyberattack where the cybercriminals published 5.4 million addresses from the online shopping portal.