BreachExchange mailing list archives
Arbonne MLM data breach exposes user passwords, personal info
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 29 May 2020 09:32:51 -0500
https://www.bleepingcomputer.com/news/security/arbonne-mlm-data-breach-exposes-user-passwords-personal-info/ International multi-level marketing (MLM) firm Arbonne International exposed the personal information and credentials of thousands after its internal systems were breached by an unauthorized party last month. Arbonne is a privately held California-based company acquired by Groupe Rocher in 2018, with annual revenues of over $500 million and a network of more than 200,000 independent consultants from the United States, the United Kingdom, Canada, Australia, Poland, and New Zealand. Data breach impacts thousands of Californians "On the evening of April 20, 2020, Arbonne became aware of unusual activity within a limited number of its internal systems," Arbonne says in a data breach notification letter filed with the Office of the Attorney General of California. "On April 23, 2020, the investigation identified a data table containing limited personal information that may have been accessible to unauthorized actor." According to Arbonne's breach notification, 3,527 California residents were impacted in the incident, with the following types of personal information being exposed to unauthorized access: names, email and mailing addresses, order purchase histories, phone numbers, and Arbonne account passwords. While the company shared the number of affected Californians, the total number of impacted individuals is currently unknown although Maryland, New York, New Mexico, North Carolina, and Rhode Island residents are advised to contact their Attorney General for more info. BleepingComputer has reached out to Arbonne for more details but had not heard back at the time of this publication. This article will be updated when a response is received. Arbonne says that the affected users' payment card or government ID information, such as Social Security numbers, was not exposed in the breach based on the ongoing investigation's results Passwords reset for all affected user accounts "While our investigation is ongoing, in an abundance of caution, we forced a password reset for all users whose passwords may have been subject to unauthorized access and we notified these users to ensure they were aware of this incident," Arbonne added. The data breach experienced by the MLM company was also reported to the FBI and relevant regulators. Following the incident, Arbonne provides all impacted individuals with twelve months of free credit monitoring, fraud consultation, and identity theft restoration services from Kroll. The company also provides a customer service support hotline at 800-ARBONNE, open "Monday through Friday, 7 am – 8 pm Pacificexcluding national holidays." Last month, the U.S. Federal Trade Commission warned Arbonne to direct its independent consultants to stop making claims on social media that some of its products "treat or prevent Coronavirus Disease 2019 ('COVID-19')." The company answered by stating that all representatives who failed to adhere to FTC guidelines will have their accounts de-registered. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Arbonne MLM data breach exposes user passwords, personal info Destry Winant (May 29)