Earlier this month, Arbonne, a multi-level marketing company advertising vegan skincare, cosmetics, and nutrition products, disclosed a data breach affecting 3,527 California residents.
However, the total number of impacted individuals remains unknown, as other states may be affected as well. Residents of Maryland, New York, New Mexico, North Carolina and Rhode Island residents are encouraged to get in touch with their Attorney General for additional information.
According to a Notice of Data Breach on April 20, the California-based company became aware of unusual activity within some of its internal systems. The company started an investigation and determined that certain information may have been accessed without authorization.
On April 23, the security team discovered a data table containing some personal information that may have been accessible to the attacker.
“To date, we are not aware of any actual or attempted misuse of your personal information in relation to this incident,” the company said.
What information could the unauthorized party access?
According to the company, personal identifiable information present included name, email and mailing addresses, order purchase history, phone number, and Arbonne account password.
“To date, our investigation has not determined that payment card information or government ID information, such as Social Security numbers, were accessed,” Arbonne said.
What is the company doing?
Even with the ongoing investigation, the organization has forced a password reset for all impacted user accounts, and is taking steps to enhance network protection by implementing additional security measures and employee training. Arbonne has also committed to provide affected users with a 12-month identity monitoring service, free of charge, and advises affected members to remain vigilant.
What should affected users do?
Besides placing a fraud alert on their accounts, Arbonne members should also monitor their Inboxes for unsolicited emails and phishing attacks, and make sure to review their account statements, and contact the Federal Trade Commission and law enforcement in case of any suspicious activity or fraud.