Cyber Incident Victim: Arbonne International
Date: Apr 2020
Location: United States of America
Summary
Arbonne International experienced a cybersecurity breach involving unauthorized access to internal systems, leading to the exposure of personal information including names, email and mailing addresses, phone numbers, purchase histories, and account passwords for thousands of individuals. While the incident impacted at least 3,527 California residents, the total number of affected users across multiple regions remains undetermined, with authorities in several states advising impacted individuals to seek further details. The company confirmed no payment card or government ID data was compromised, initiated forced password resets for potentially exposed accounts, notified affected users, and reported the breach to law enforcement and regulators. Affected individuals were offered complimentary credit monitoring and identity theft protection services for twelve months.
Description
On April 20, 2020, Arbonne International detected unusual activity within a limited number of its internal systems, prompting an investigation into a potential security breach. By April 23, 2020, the company identified a compromised data table containing personal information that may have been accessed by an unauthorized actor. The exposed data included names, email addresses, mailing addresses, order purchase histories, phone numbers, and Arbonne account passwords for affected individuals. While the investigation confirmed the breach did not expose payment card information or government-issued identification documents such as Social Security numbers, the incident impacted at least 3,527 California residents according to mandatory state breach notifications. Arbonne acknowledged potential impacts on residents of Maryland, New York, New Mexico, North Carolina, and Rhode Island but did not disclose the total number of affected individuals across its international operations spanning the United States, United Kingdom, Canada, Australia, Poland, and New Zealand.

Arbonne initiated a forced password reset for all users whose credentials may have been compromised and directly notified impacted individuals about the breach. The company reported the incident to the Federal Bureau of Investigation (FBI) and relevant regulatory authorities while continuing its internal investigation. As remediation, Arbonne offered twelve months of complimentary credit monitoring, fraud consultation, and identity theft restoration services through Kroll to affected persons. The company established a dedicated customer support hotline (800-ARBONNE) operating Monday through Friday during Pacific Time business hours to address inquiries. No evidence suggested misuse of exposed data at the time of notification, though Arbonne maintained precautionary measures given the sensitivity of the compromised account credentials and personal information. The breach occurred within systems of the multinational multi-level marketing firm, which reported over $500 million in annual revenue and maintained a network of more than 200,000 independent consultants prior to the incident.
