PLEASANT GROVE, Utah – Utah-based essential oil company doTERRA is warning customers and distributors that their personal information may have been compromised in a data breach in March.
In a letter released last week, the company said intruders may have accessed information such as names, Social Security numbers, payment information, birthdates and more through a third-party vendor that provides doTERRA with data hosting and software services.
doTERRA said in a statement it was working with law enforcement and security experts to address the issue.
The company, which launched in 2008, sources essential oils from 40 countries. It makes and sells oils and spa, personal care and dietary supplement products. doTERRA employs 2,000 people. It sells to customers in 73 countries and has 1.5 million independent distributors across the globe, according to a recent Spectrum newspaper profile of the company.
The letter suggests that doTERRA customers review account statements, order a credit report and change passwords. The company is offering letter recipients an identity protection and credit monitoring service for 24 months at no cost.
It’s unclear how many customers may have been affected. The company didn’t immediately return messages from The Associated Press seeking comment Wednesday.
Utah FBI spokeswoman Sandra Yi Barker said the agency was aware of the apparent breach, but she could not release more information because the investigation is ongoing.