RealTime IT News

Mainframe Breach at LensCrafters Parent Hits 59K

More than 59,000 employees of Luxottica Group may be at risk after a hacker made off with their personal information in the latest massive corporate data breach.

Italy-based Luxottica Group S.p.A. owns the LensCrafters eyewear chain and is the world's largest designer, manufacturer and distributor of high-end eyewear -- including products bearing the Ray-Ban, Dolce & Gabbana, Donna Karan, Polo Ralph Lauren, Prada and Versace brands.

Luxottica's IT security team discovered that its mainframe had been breached during an investigation in July and contacted local law enforcement, a spokesperson at Luxottica's U.S. headquarters in Mason, Ohio, told InternetNews.com.

According to Lt. Jeff Braley of the Hamilton Township, Ohio, police department, 59,419 Luxottica employees lost their data through the breach.

Once investigators discovered the intrusion, they traced the hacker's IP address to Molly Burns of Glendale, Ariz. Braley, who heads the Cyber Crimes Task Force in Warren County, Ohio, also confirmed media reports that Burns has a long arrest record that includes theft, forgery and drug charges.

Braley added that no criminal charges have been filed, and that the case may be turned over to the FBI.

The breach comes on the heels of several high-profile data losses at other large companies. In August, Wells Fargo was hit by a data breach in which the personal information of thousands of consumers was stolen.

TJX was hit by a breach that saw an estimated 47.5 million records stolen over 18 months between 2005 and 2006.

Luxottica has released few details about the intrusion into its mainframe. Mainframes are typically seen as more difficult targets for hacking than other systems.

"Generally, mainframes are not accessible to the Internet, so the hacker most likely had to compromise other systems internally before getting to the mainframe," said Chris Petersen, a former electronic data processing auditor with PriceWaterhouse and Ernst & Young.

Petersen, who is now chief technology officer of LogRhythm, which collects and manages server log data, told InternetNews.com that it is likely the hacker accessed another server first, then hopped from machine to machine until getting to the mainframe.

LogRhythm and other log management companies offer software that automates log collection and analysis and enables users to set policies that send up flags in near-real-time when unauthorized behavior is detected.

"Had the organization created a few basic rules, this breach wouldn't have happened," Petersen said. "Right now, they probably have to restore backup tapes and scrounge around and figure out what happened, or they'll miss a few servers the hacker compromised that someone could exploit six months later."
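As an added illustration of the kind of log rule described above (not code from LogRhythm, Luxottica or the investigation), the following sketch flags any login to the mainframe from a host outside an approved list and rebuilds the hop-by-hop path from the same logs. The host names, accounts, log format, allow-list and one-hour window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample auth events: timestamp, source, destination, account.
SAMPLE_LOG = """\
2024-01-15T09:00:05 203.0.113.7 web01 svc_web
2024-01-15T09:12:40 web01 app02 svc_app
2024-01-15T09:20:11 ops-jump mainframe01 jsmith
2024-01-15T09:31:02 app02 mainframe01 batchadm
"""

MAINFRAME = "mainframe01"          # hypothetical host name
APPROVED_SOURCES = {"ops-jump"}    # hypothetical allow-list of hosts that may log in to it
WINDOW = timedelta(hours=1)        # how far back to look for the previous hop

def parse(log):
    events = []
    for line in log.splitlines():
        ts, src, dst, user = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, user))
    return sorted(events)

def trace_back(events, host, before):
    """Follow inbound logins hop by hop to rebuild the path that reached `host`."""
    path, seen = [host], {host}
    while True:
        inbound = [e for e in events
                   if e[2] == host and before - WINDOW <= e[0] < before]
        if not inbound or inbound[-1][1] in seen:   # chain start, or a loop
            return path[::-1]
        before, host = inbound[-1][0], inbound[-1][1]
        path.append(host)
        seen.add(host)

def mainframe_alerts(log):
    """Flag mainframe logins from unapproved hosts, with the path behind them."""
    events = parse(log)
    alerts = []
    for when, src, dst, user in events:
        if dst == MAINFRAME and src not in APPROVED_SOURCES:
            alerts.append({"time": when.isoformat(), "user": user,
                           "path": trace_back(events, src, when) + [MAINFRAME]})
    return alerts

if __name__ == "__main__":
    for alert in mainframe_alerts(SAMPLE_LOG):
        print(alert["time"], alert["user"], " -> ".join(alert["path"]))
```

The reconstructed path lists every intermediate server in the chain, which is the set of machines a responder would need to examine rather than the mainframe alone.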