Luxottica Data Breach
Luxottica Eyewear Conglomerate Breach (2021): 300 Million Customer Records Including DOB & Home Address Exposed via Third-Party Contractor
Eyewear manufacturer and retailer.
Risk Interpretation
High risk of phishing, fraud, and account misuse. Prescription and eyewear-purchase data may also support profiling and healthcare-adjacent privacy harms.
Impact & Downstream Threats
The 2021 breach occurred through a third-party contractor managing Luxottica customer data. Approximately 300 million records were exposed including names, email addresses, phone numbers, dates of birth, genders, and physical addresses. Luxottica notified affected individuals and reported the incident to Italian and U.S. regulators. The scale of the exposure — affecting customer data across its retail network globally — drew significant attention given the volume. No major financial settlement o
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Luxottica, the world's largest eyewear company and parent of Ray-Ban, Oakley, LensCrafters, and Sunglass Hut, suffered a data breach in March 2021 through a third-party contractor responsible for managing its customer data. The contractor's systems were compromised, exposing records belonging to approximately 300 million customers. Luxottica's own internal systems were not affected. The breach went undetected for over a year and a half, surfacing in November 2022 when the stolen data appeared for sale on the hacking platform BreachForums. By April and May 2023, the data had been leaked for free across multiple hacking forums, putting it within reach of any malicious actor. The exposed data includes names, email addresses, phone numbers, physical addresses, dates of birth, and genders. This combination is particularly sensitive because it gives bad actors enough personal detail to impersonate affected individuals, craft convincing phishing messages, or open fraudulent accounts. The eyewear and optician context also means the data may reflect health-adjacent purchasing behavior, which can be used for targeted scams or profiling. Luxottica reported the breach to the FBI, Italian law enforcement, and Italy's data protection authority, and stated it was reviewing its notification obligations under applicable privacy laws. No prominent public enforcement action or financial settlement specific to this breach has been documented. Affected individuals face an ongoing risk of phishing, fraud, and identity misuse, and should treat unsolicited contact referencing their personal details, purchase history, or optical health with caution.
About Luxottica
Luxottica is the world's largest eyewear company, designing, manufacturing, and distributing optical frames and sunglasses under an extensive portfolio of owned and licensed brands. Owned brands include Ray-Ban and Oakley. Licensed brands span a significant portion of the global luxury fashion market. The company is headquartered in Milan and has operated as a subsidiary of EssilorLuxottica since the 2018 merger that created the dominant global optical group. Its retail operations include LensCrafters, Sunglass Hut, and Pearle Vision.
Why They Hold Your Data
Global optical brands collect customer identity, contact data, prescriptions, purchase history, warranty records, and retail-service interactions across eyewear manufacturing and retail operations.
Recent Developments
EssilorLuxottica has continued expanding its vertically integrated model across lens manufacturing, frame design, and retail distribution. The company has invested in digital eye care tools and direct-to-consumer initiatives. It has maintained strong market positioning across the luxury eyewear segment through licensing relationships with major fashion houses.
Data Points Exposed
Exposure Categories
Canonical Fields
date_of_birth, email_address, full_name, gender, phone_number, physical_address, physical_address:home
Dark Web Verification
- Dataset containing ~299.9M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: luxottica.com-2021;Luxottica Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Luxottica
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam