Recently, Garden of Life reported to the Attorney General of Vermont that it had experienced a data breach in which sensitive personally identifiable information in its care may have been compromised. According to the breach notice, on November 11, 2025, Garden of Life became aware of an unauthorized third party claiming to have accessed certain Garden of Life systems by exploiting a vulnerability in Oracle E-Business Suite software, which supports certain business operations at Garden of Life. As a result, Garden of Life launched an investigation to determine the nature of the incident.
Through its investigation, Garden of Life confirmed that sensitive personal information may have been accessed and acquired by an unauthorized third party between August 9 and August 10, 2025. Garden of Life then began a review of the data to determine what information had been impacted and to identify the specific individuals affected. While the information impacted varies depending on the individual, the types of information potentially exposed include:
Name
Social Security number
Address
Email address
Phone number
On December 4, 2025, Garden of Life began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Vermont residents, Garden of Life is providing affected individuals with a list of the specific types of sensitive information impacted and 24 months of complimentary credit monitoring services. A link to the breach notifica
Source: https://straussborrelli.com/2025/12/08/garden-of-life-data-breach-investigation/
TPRM report: https://www.rankiteo.com/company/garden-of-life
"id": "gar1765247598",
"linkid": "garden-of-life",
"type": "Vulnerability",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Impacted individuals identified '
                                              'during review',
                        'name': 'Garden of Life',
                        'type': 'Company'}],
 'attack_vector': 'Exploitation of software vulnerability',
 'customer_advisories': '24 months complimentary credit monitoring services '
                        'provided to affected individuals',
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Name',
                                              'Social Security number',
                                              'Address',
                                              'Email address',
                                              'Phone number']},
 'date_detected': '2025-11-11',
 'date_publicly_disclosed': '2025-12-04',
 'description': 'Garden of Life experienced a data breach in which sensitive '
                'personal identifiable information may have been compromised. '
                'An unauthorized third party accessed certain systems by '
                'exploiting a vulnerability in Oracle E-Business Suite '
                'software.',
 'impact': {'data_compromised': 'Sensitive personal identifiable information',
            'identity_theft_risk': 'High',
            'systems_affected': 'Oracle E-Business Suite software systems'},
 'investigation_status': 'Completed',
 'post_incident_analysis': {'root_causes': 'Exploitation of Oracle E-Business '
                                           'Suite software vulnerability'},
 'references': [{'source': 'Breach notice to the Attorney General of Vermont'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to the '
                                                       'Attorney General of '
                                                       'Vermont'},
 'response': {'communication_strategy': 'Data breach notification letters '
                                        'mailed to impacted individuals'},
 'threat_actor': 'Unauthorized third party',
 'title': 'Garden of Life Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Oracle E-Business Suite software vulnerability'}