Customers react to data breach at Utah essential oils company doTERRA

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

PLEASANT GROVE - Utah-based company doTERRA confirmed that customer information may have been breached, Tuesday.

Vice President of Corporate Communications, Kirk Jowers, said the breach happened in March.

"Our third-party data provider told us that they may have been accessed and we moved immediately and hired industry security firms, forensics firms, contacted law enforcement and the Federal Bureau of Investigation," Jowers said.

Since its start in 2008, the Pleasant Grove company has grown to over three million customers and advocates with roughly 50,000 of them located in Utah.

"I'm like, 'oh, great, wonderful. My information could be out there,'" said Debbie Allen, a doTERRA customer who learned about the data breach.

Others, didn't seem as concerned over the news.

"It's happened to my husband before with another company," said Chelsie McCage, also a customer with doTERRA. "I figure I love their product, so I'm going to keep using them."

DoTERRA does encourage customers to keep an eye on their personal information in the coming weeks and months. In fact, those whose information may have been compromised should have received a letter in the mail with the kind of information that may have been stolen, stating:

"Names, Social Security numbers (or other government-issued identification numbers), payment card information (including full or partial card numbers, security codes and expiration dates), dates of birth, postal and email addresses, telephone numbers, and usernames and passwords."

So far, Jowers said it appears none of the personal information has been used, but his company isn't taking any chances. They're even offering customers two years of identity protection and credit monitoring service for free.

"Hopefully, it will be much a-do about nothing," Jowers said. "But we can't leave anything to chance."

3 comments

  • Kim

    I find it interesting that the doTERRA statement now is “may have” whereas the letter dated April 18th that some received clearly states “”third-party vendor….informed us that an intruder HAD accessed some of the vendor’s systems. That intrusion appears to HAVE resulted in the unauthorized acquisition in vendor’s systems. ….intrusion appears to HAVE resulted in the unauthorized acquisition in Marcy 2016 of personal information….” and it goes on to list such as you listed. Also note, there were two letters…some people did have payment card information that was possibly breached. I find it unnerving that public quotes are speculative in “MAY have” while those that received letters it was fairly cut and dry that they HAVE been…

    • Jeanette

      Iam furious about this. A company of this size should have had the best security out there. Now its our problem and worry plus all the people we have signed up.

Comments are closed.