DōTERRA International, a Pleasant Grove, Utah-based essential oils distributor, notified the State of California's Attorney General's office that personal information of its customers and wholesale members, or “Wellness Advocates,” was breached.
The breach compromised names, social security numbers, dates of birth, addresses, telephone numbers, email addresses, usernames, passwords, and credit or debit card information – including card numbers, security codes and expiration dates. The bath oils company learned of the breach from its web hosting company, according to a letter CEO David Stirling sent to California's Attorney General.
The hosting provider informed dōTERRA that its systems were breached last month. The Utah-based company said it is working closely with and did not disclose the number of victims affected by the breach.
The company uses more than one million wholesale members to distribute its products, according the dōTERRA's website. Calls placed to the company were not returned by press time.
UPDATE: DōTERRA, replied to SCMagazine.com's earlier requests to comment with this statement: A third-party vendor that provides dōTERRA with data hosting and software services recently informed us that an intruder had unlawfully accessed some of the vendor's systems. Promptly after learning of the issue, dōTERRA engaged leading security experts to conduct an investigation to determine the nature and scope of the issue, and has been working closely with law enforcement authorities. Individuals who were affected by this incident are being notified by postal mail."