By Justin Lyons
According to Italian press sources, Luxottica was the victim of a cyberattack Saturday.
Luxottica owns eyewear brands like Oakley, Ray-Ban, Coach, Chanel and Versace as well as retail brands like LensCrafters, Sunglass Hut and Target Optical. It is the largest eyewear company in the world with more than 80,000 employees.
SecurityOpenLab, an Italian cybersecurity site, said its sources confirmed Luxottica offices suffered a complete system failure due to ransomware attacks, shutting down operations in Italy and China.
SecurityOpenLab also said union sources confirmed that workers received an SMS message saying the second shift on Sept. 21 had been suspended.
Users began reporting an inability to reach sites for LensCrafters, Sunglass Hut, Ray-Ban and other Luxottica brands on Saturday. It was also reported that One Luxottica, a user portal for the company, was down, but it appears to be up again at the time of writing.
BleepingComputer spoke to Bad Packets, a cybersecurity firm, which told the outlet that Luxottica used a Citrix ADC controller device, which is vulnerable to CVE-2019-19781, a flaw in Citrix devices.
Ransomware actors exploit this flaw because it provides network access and credentials that can be used to infiltrate a network more deeply.
Luxottica took the servers for its eyewear brand websites offline. While websites for Oakley, Ray-Ban, Coach and more are accessible now, a manager at a LensCrafters storefront told 360 MAGAZINE that the Ciao operating system crashed Saturday and that they still have little to no ability to process insurance or complete transactions.
Though Luxottica has not made a public statement, the same source told 360 MAGAZINE that IT support was unavailable while systems were down. LensCrafters is currently logging orders for a later date when systems are back up.
360 was also told that LensCrafters will offer 50% off frames and lenses for the inconvenience to customers.