Billion-dollar eyewear giant EssilorLuxottica (EL) has reportedly suffered a ransomware attack that led to the shutdown of operations in Italy and China last week. It appears to have disrupted web-based commerce sites such as Ray-Ban and LensCrafters.
Cyber intelligence firm Bad Packets told Bleeping Computer that EL had a Citrix controller device vulnerable to a known critical flaw that was disclosed in late December 2019. Citrix announced mitigations for the flaw at the time and an upgrade to a ‘fixed build’—a newer solution not impacted by the flaw.
This flaw has become a popular vulnerability for ransomware threat actors to exploit, including the recent attack on University Hospital Düsseldorf (UKD) in Germany that resulted in a patient’s death two weeks ago.
Nicola Vanin, information security manager for the company, said on LinkedIn that there was no evidence of access to or theft of information from users and consumers. “Once the event was analyzed, the clues were collected in less than 24 hours, and the procedure for cleaning up the affected servers began,” Vanin said. “Work activities are progressively returning to normal in the Milano plants and headquarters.”
3 key takeaways for investors from this incident:
- Ransomware attacks cost $: Ransomware attacks that disrupt operations do adversely impact financial statements. These impacts will likely be evident in the next reporting period. They also weigh negatively on share price in the months following the breach.
- EL has the financial capacity to respond: Strong financials, namely positive cashflow, mean EL has the financial capacity to respond to this attack with additional investment in cyber weaknesses that led to the breach. This means the negative impact of the event can be minimized along with the probability of another similar breach in future. This is not true for companies with weaker financials (like PBI and Travelex).
- Ask the right risk questions: Analysts and investors should ask EL’s C-suite about the financial impact of this event and the investments being made to protect against the downside risks of increased digitalization.
This attack will likely hit EL’s topline revenue, as “on Friday evening, people began to report that the web sites for Ray-Ban, Sunglass Hut, LensCrafters, EyeMed, and Pearle Vision were not working, and wondered if they were breached.” This comes at a time when companies like EL are increasingly reliant upon digital sales to compensate for lost sales at closed bricks-and-mortar shops. Because of this, even temporary service interruptions can be costly.
Ransomware attacks like this are so financially damaging because they disrupt operations, which immediately and negatively impacts a company’s financials. This is also why it is increasingly difficult for consumer-facing companies like retailers to hide such breaches from the public.
As for the vulnerability that may have caused this business disruption, it is not yet known whether EL took steps to remediate the flaw earlier this year. However, it is a reminder of why companies with good cyber governance outperform those with poor governance. 4- and 5-Star companies have strong ‘people and process’ that address known flaws in a timely manner, while 1-2 Star companies often do not.
Strong financials are the reason why Luxottica is in good position to respond
In its most recent financial results, EL reported ‘solid online sales growth’ and ‘digitalisation’ as evidence of agility in reaction to COVID‑19. Despite a 29% drop in YoY revenue growth, it remained cash flow positive. This is partly a result of the fact that it is in a generally high margin business. But EL’s digital sales are clearly increasingly important for future growth, as we see across the retail sector.