Garden of Life LLC, a nutrition and supplements company, experienced a data breach in December 2024 that exposed online customers' credit card and personal information. The breach allegedly enabled criminals to access sensitive payment and identity details, though the exact scale of the compromise remains undisclosed. A proposed class action lawsuit was filed by affected customers, but a Florida magistrate judge recommended dismissal due to lack of jurisdiction, arguing the plaintiffs failed to establish legal standing. The incident highlights risks associated with e-commerce platforms handling financial data, where unauthorized access can lead to fraudulent transactions or identity theft. While the company may avoid litigation, the breach underscores vulnerabilities in data protection measures, potentially damaging customer trust and brand reputation. The exposed data—primarily financial—suggests a targeted attack on payment systems, though no evidence indicates broader systemic failures or ransomware involvement.
Source: https://news.bloomberglaw.com/ip-law/garden-of-life-e-consumers-road-rockier-after-dismissal-report
Garden of Life cybersecurity rating report: https://www.rankiteo.com/company/garden-of-life
"id": "GAR2604126112125",
"linkid": "garden-of-life",
"type": "Breach",
"date": "12/2024",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Online customers (class action '
'plaintiffs)',
'industry': 'Health & Wellness (Nutrition and '
'Supplements)',
'location': 'Florida, USA (legal jurisdiction: '
'Southern District of Florida)',
'name': 'Garden of Life LLC',
'type': 'Private Company'}],
'data_breach': {'data_exfiltration': 'Likely (accessed by criminals)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['credit card information',
'personal information']},
'date_detected': '2024-12',
'description': 'Garden of Life LLC, a nutrition and supplements company, '
'experienced a data breach in December 2024 that exposed '
"online customers' credit card and personal information. A "
'proposed class action lawsuit was recommended for dismissal '
'by Magistrate Judge Bruce E. Reinhart due to lack of '
'jurisdiction to sue.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'lawsuit and breach disclosure',
'customer_complaints': 'Proposed class action lawsuit by affected '
'customers',
'data_compromised': ['credit card information',
'personal information'],
'identity_theft_risk': 'High (credit card and personal information '
'exposed)',
'legal_liabilities': 'Class action lawsuit (recommended for '
'dismissal due to jurisdictional issues)',
'payment_information_risk': 'High (credit card information '
'compromised)'},
'investigation_status': 'Ongoing (legal proceedings; breach details '
'undisclosed)',
'references': [{'source': 'US District Court for the Southern District of '
'Florida (Magistrate Judge Bruce E. Reinhart’s '
'report)'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit (recommended '
'for dismissal)'},
'title': 'Garden of Life LLC Data Breach (2024)',
'type': 'Data Breach'}