My Daily Choice discloses data breach, then covers it up
On or around February 15th My Daily Choice pulled its website offline.
The functioning website was replaced by a warning message, disclosing to consumers that My Daily Choice had suffered a data breach.
Less than 48 hours later, the message was removed – leaving affected consumers vulnerable and in the dark.
Upon learning of My Daily Choice’s data breach I was initially going to wait till next week to see if it’d been resolved. My Daily Choice seemed to have made the right decision in pulling down their website.
If they could fix what went wrong over the weekend and get the site back up, it wasn’t really worth reporting on.
Having pulled up the original message My Daily Choice publicly released though, I think it’s important that distributors and retail customers be informed. Especially now that My Daily Choice appears to be trying to cover the breach up.
As originally disclosed by My Daily Choice on or around February 15th, the company was hit by a “ransomware cyber attack” that “compromised our data”.
The message, reproduced below, suggests distributor and customer personal information and financial details might have been stolen.
Important Announcement Regarding Recent Cybersecurity Incident
We have recently experienced a ransomware cyber attack that has created a breach in our technical infrastructure.
We understand the severity of this situation and want to assure you that we are taking immediate action to address the issue and mitigate any further risks.
Our top priority is securing our system, and we are working tirelessly to rectify the situation and strengthen our security measures moving forward.
Here is what we know about the incident:
– The cyber attack has compromised our data forcing us to go under maintenance.
– Our internal IT team, along with external cybersecurity experts, is conducting a thorough investigation to determine the extent of the breach and identify the perpetrators.
– We are implementing additional security protocols and measures to prevent similar incidents from occurring in the future.
While we continue to investigate the matter, we recommend that you take the following precautions:
– Monitor your accounts closely for any suspicious activity.
– Be cautious of any unsolicited emails or messages asking for personal information or financial details.
We deeply apologize for any inconvenience or concern this incident may cause you. Rest assured, we are committed to keeping you informed every step of the way and providing any assistance you may need.
If you have any questions or concerns regarding this matter, please do not hesitate to contact our customer support team.
Thank you for your understanding and continued support as we work through this challenging situation together.
In contrast to TranzactCard’s recent “pretend it didn’t happen” approach, full credit to My Daily Choice for initially being upfront and transparent about what happened.
Less than 48 hours after My Daily Choice disclosed its ransomware attack and data breach, the company replaced the disclosure with a generic “maintenance mode” message.
Currently there is no mention of the ransomware attack or data breach on My Daily Choice’s website. There’s also no mention of the breach or website downtime on My Daily Choice’s social media profiles.
Strangely My Daily Choice is still publishing (presumably timed) marketing material across FaceBook and Instagram.
The last post, made approximately 15 hours ago, advertises a 25% off sale on “clean makeup essentials”. An attached “daily deals” link returns a 404 “not found” error:
It’s unclear whether My Daily Choice has sent out an email to potentially affected consumers.
Either way, masking the breach as “maintenance” is definitely a compliance step back from My Daily Choice’s initial disclosure.
As per My Daily Choice’s initial disclosure, distributors and retail customers who have personal and financial data on file with My Daily Choice should closely monitor any potentially affected accounts.
Pending further disclosure from My Daily Choice, stay tuned for further updates.
Update 17th February 2024 – My Daily Choice has restored access to its website.
At time of publication there is no mention of the data breach on My Daily Choice’s website or on any of its social media profiles.
Update 12th June 2024 – My Daily Choice has officially disclosed the February 2024 data breach. 89,188 account owners are affected.
2 days later and “mydailychoice.com” does not appear on any CTI feeds meaning so far there are no signs of a Ransomware attack and assets.mydailychoice.com/ still seems to work just fine.
Unless they restored from a backup, does not quite make sense.
If no Ransomware incident took place they could have publicly stated, falsely, that a crime had been committed.
Article updated to note My Daily Choice’s website is back online.