Luxottica is the biggest eyewear retailer of known brands including Ray-Ban, Persol, Oakley, and Vogue Eyewear. The company likewise owns and manages eyewear stores, like Target Optical, Sunglass Hut, and Pearle Vision. Luxottica announced its settlement of the class action data breach lawsuit associated with a hacking incident in 2020 that allowed unauthorized access to a consultation scheduling program that held the personal data and protected health information (PHI) of over 829,000 patients of Luxottica-owned or affiliated eye care practices. The unauthorized access happened from August 5 to August 9, 2020, and the impacted people were advised about the data breach in November 2020. The breached information included names, Social Security numbers, medical and financial data. HIPAA training IT professionals should pay attention to such incidents when PHI is involved.
A number of individuals impacted by the data breach filed lawsuits for damages and compensation. The lawsuits were combined into one action, the Luxottica of America Inc. Data Security Breach Litigation, and was filed in the District Court for the Southern District of Ohio. The lawsuits claimed Luxottica did not employ reasonable and proper safety measures, and if those safety measures had been applied, the company could have avoided the data breach. Luxottica did not admit to any wrongdoing but opted to resolve the lawsuit with a settlement to end the litigation.
Luxottica has offered to pay $250,000 for claims of people whose financial data and/or Social Security numbers were compromised. Claims may be filed for recorded out-of-pocket costs and lost time (as much as 4 hours at $20/hour). California residents at the time the breach happened could claim an extra cash payment of $50. Claims will be adjusted depending on the number of valid claims and paid pro rata. Members of this settlement class are likewise qualified to avail of free 3-bureau credit monitoring services for 2 years.
People whose Social Security numbers or financial data were not compromised may file claims for out-of-pocket costs and lost time, up to $300 only, and an extra $50 for residents in California. Filing of exclusion and objection already ended on Nov. 13, 2024 and Nov. 4, 2024, respectively. Claims can be filed through the settlement website (luxotticadatasettlement.com). The last day for filing a claim is January 2, 2025. The court has given the settlement its preliminary approval but the schedule of the final fairness hearing is January 21, 2025.
