Norwex USA Data Breach Exposes Personally Identifiable Info

Eco-friendly cleaning and personal care products company, Norwex USA, recently experienced a significant data breach that exposed sensitive personal information. The breach, disclosed to several state attorney general offices, occurred earlier this year and has affected individuals in multiple states.

According to the disclosures, the breach may have compromised a wide range of sensitive data, including:

• Names
• Social Security numbers
• Driver's license numbers
• Financial account information
• Payment card information
• Payroll details such as salaries, performance reviews, and claims
• Tax form information
• Medical information
• Health insurance information
• Dates of birth
• Mailing addresses

The breach was reported to the California Attorney General's office on December 27, 2024, and to the Massachusetts Attorney General's office and South Carolina Attorney General's office on December 23, 2024.

The number of people affected by the breach can be assumed to be significant due to the disclosure to the South Carolina AG's office. The SC AG requires disclosure if the number of people affected in the state exceeds one thousand people.

The breach's severity stems from the type of data exposed, which includes highly sensitive information such as Social Security numbers and financial details. While the exact method of the breach has not been disclosed, Norwex has taken steps to investigate and secure its systems.

Norwex's Response

In response to the breach, Norwex USA activated its incident response and business continuity protocols to contain the situation. The company immediately launched an investigation with the assistance of external cybersecurity experts and reported the incident to law enforcement.

To prevent further unauthorized access, Norwex disabled certain system features and implemented enhanced security measures across the organization. The company has been working diligently to restore its systems securely and return to normal operations.

Additionally, Norwex is offering affected individuals two years of free identity monitoring services through Identity Defense. This service includes identity protection support and assistance with resolving identity theft issues. Impacted individuals can enroll in these services by visiting Identity Defense's enrollment page and using their unique activation code provided in the notice.

Affected by the Norwex USA data breach?

If you believe your information may have been compromised in this breach, it is important to take immediate action to protect yourself. Here are recommended steps:

1. Enroll in identity monitoring services: Take advantage of the free two-year Identity Defense service offered by Norwex. The enrollment deadline is March 25, 2025. Visit Identity Defense's enrollment page to sign up.
2. Monitor your financial accounts: Regularly review your bank statements, credit card accounts, and other financial records for any unauthorized transactions.
3. Check your credit reports: U.S. residents are entitled to one free credit report annually from each of the three major credit bureaus. Visit Annual Credit Report to access your reports and look for any unfamiliar activity.
4. Consider placing a fraud alert or security freeze: Contact the three major credit bureaus—Experian, Equifax, and TransUnion—to place a fraud alert or security freeze on your credit file. These measures can help prevent unauthorized access to your credit.
5. Remain vigilant: Be cautious of phishing attempts, suspicious emails, or phone calls requesting personal information. Verify the identity of anyone asking for sensitive data.
6. Report identity theft: If you suspect that your information has been misused, report it to the Federal Trade Commission (FTC) at IdentityTheft.gov and consider filing a police report.