PLEASANT GROVE — A letter sent to customers and distributors from doTERRA, the Utah-based essential oil company, is warning that an apparent data breach last month may have compromised their personal information.
A letter dated April 18 explains that a breach of doTERRA’s third-party data hosting and software service provider may have accessed the names, Social Security or identification numbers, payment card information, dates of birth, postal and email addresses, telephone numbers, usernames and passwords.
In a statement, a doTERRA representative said the company is working with law enforcement, security professionals and the affected vendor as the case is investigated.
The company has not identified how many people may have been affected by the breach. Kirk Jowers, vice president of corporate relations, said not all of doTERRA’s customers or distributors were affected, and those who were impacted did not all have the same information potentially compromised.
The company has reached out by mail to anyone whose data may have been accessed, Jowers said. Those affected were primarily in the United States, with a limited number of individuals impacted in Canada and internationally, he added.
So far, there is no evidence that any personal information has been used criminally, according to Jowers.
“Even if this issue only affected one person, it would be important to us,” he said.
The letter, signed by doTERRA CEO David Sterling, says doTERRA was working to secures its systems prior to the breach.
“We take our obligation to safeguard your personal information very seriously. Be assured that we at doTERRA are taking extensive measures to protect your information and have engaged industry-leading security firms to assist us. doTERRA also has been investing heavily for some time now to implement its own state-of-the-art systems to support growth and expansion and enhance security. These efforts continue to proceed on track,” the letter indicates.
Those receiving the letter were advised to review their accounts, register for two years of credit monitoring services provided by doTERRA, and change their passwords to doTERRA accounts.
Customers and distributors who didn’t receive a letter were not impacted, Jowers said.
Following the breach, a Facebook group named Essential Community acknowledged the issue in an April 23 post and recommended a blend of essential oils to alleviate stress.
“As we are dealing with the data breach for ourselves, our teams and our Facebook community we decided a blend was needed! Although it started out to help us laugh it actually is a great calming and encouraging blend! Enjoy!” the post read.