Breach, Cloud Security, Data Security

DōTERRA breach exposes customer info; including SS, DOB, and addresses

DōTERRA International, a Pleasant Grove, Utah-based essential oils distributor, notified the State of California's Attorney General's office that personal information of its customers and wholesale members, or “Wellness Advocates,” was breached.

The breach compromised names, social security numbers, dates of birth, addresses, telephone numbers, email addresses, usernames, passwords, and credit or debit card information – including card numbers, security codes and expiration dates. The bath oils company learned of the breach from its web hosting company, according to a letter CEO David Stirling sent to California's Attorney General.

The hosting provider informed dōTERRA that its systems were breached last month. The Utah-based company said it is working closely with and did not disclose the number of victims affected by the breach.

The company uses more than one million wholesale members to distribute its products, according the dōTERRA's website. Calls placed to the company were not returned by press time.

UPDATE: DōTERRA, replied to's earlier requests to comment with this statement: A third-party vendor that provides dōTERRA with data hosting and software services recently informed us that an intruder had unlawfully accessed some of the vendor's systems.  Promptly after learning of the issue, dōTERRA engaged leading security experts to conduct an investigation to determine the nature and scope of the issue, and has been working closely with law enforcement authorities. Individuals who were affected by this incident are being notified by postal mail."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.