1.1 million Young Living accounts leaked in data breach
Earlier this month around 1.1 million Young Living account details were published on a popular hacking forum.
The details were published on December 11th, with the data breach itself believed to have taken place earlier.
Leaked Young Living account information includes distributor and customer names, corresponding email addresses, dates of birth and geographic location.
The website Have I Been Pwned? claims to have verified the breach on December 19th, crediting it to “Threat Actor 888”:
Notably, Young Living “did not respond to multiple attempts to contact them about the data.”
Young Living is based out of Utah. Under Utah law, Young Living is first required to
conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused for identity theft or fraud purposes.
Given the account details were published on a hacking forum, this determination is likely a given.
Upon determining whether obtained personal information “will be misused for identity theft and fraud purposes”, Young Living is required to “provide notification to each affected Utah resident”.
If the account details of more than 500 Utah residents are involved, Young Living is required to provide notice to the Utah Office of the Attorney General and Utah Cyber Center.
If the personal information of more than 1000 Utah residents are involved, Young Living is required to
provide notification to each consumer reporting agency that compiles and maintains files on consumers on a nationwide basis.
Given Young Living is not requesting to public requests for information about the breach, it is unclear whether the company is following Utah law.
BehindMLM has not heard of any Utah residents being informed their Young Living account data has been breached.