The California Office of the Attorney General disclosed a data breach affecting dōTERRA International, LLC in April 2016. The incident involved the unauthorized acquisition of sensitive personal information belonging to Wellness Advocates and customers, including names, Social Security numbers, and payment card details. While the exact timeline of the breach remains undisclosed, the exposure of such highly confidential data particularly financial and identity-related records poses severe risks. Compromised Social Security numbers and payment card information can lead to identity theft, financial fraud, and long-term reputational damage for both the company and affected individuals. The breach underscores vulnerabilities in dōTERRA’s data protection measures, raising concerns about compliance with regulatory standards and the potential for downstream legal and operational repercussions. Customers and advocates may face prolonged monitoring requirements to mitigate fraud risks, while the company could encounter regulatory penalties, lawsuits, or erosion of trust among its global user base.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-61140
TPRM report: https://www.rankiteo.com/company/doterra-essential-oil
"id": "dot028091825",
"linkid": "doterra-essential-oil",
"type": "Breach",
"date": "4/2016",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Wellness Advocates and '
'customers (exact number '
'unspecified)',
'industry': 'Health/Wellness (Essential Oils)',
'location': 'Pleasant Grove, Utah, USA',
'name': 'dōTERRA International, LLC',
'type': 'Private Company'}],
'data_breach': {'data_exfiltration': 'Yes (unauthorized acquisition '
'confirmed)',
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Information']},
'date_publicly_disclosed': '2016-04-18',
'description': 'The California Office of the Attorney General reported a data '
'breach involving dōTERRA International, LLC on April 18, '
'2016. The breach involved unauthorized acquisition of '
'personal information possibly affecting Wellness Advocates '
'and customers, including names, Social Security numbers, '
'payment card information, and more.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'payment card information'],
'identity_theft_risk': 'High (PII and SSNs exposed)',
'payment_information_risk': 'High (payment card information '
'exposed)'},
'references': [{'date_accessed': '2016-04-18',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California data breach '
'notification laws (e.g., '
'California Civil Code § '
'1798.82)'],
'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'law_enforcement_notified': 'Yes (California Office of the '
'Attorney General)'},
'title': 'dōTERRA International, LLC Data Breach (2016)',
'type': 'Data Breach'}