Home
>
Data Breach>Thorne Research

Thorne Research Cyber Attack Exposes Consumer PII

Published
September 12, 2025
Updated
September 12, 2025
Thorne Research Cyber Attack Exposes Consumer PII
Thorne Research
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Thorne Research

data breach?

Join the Lawsuit

It's free to join. 

Thorne Research experienced a cybersecurity incident impacting user data. On July 10, 2025, the company discovered that some Thorne.com accounts were accessed by an unauthorized actor. An investigation took place and it was determined that a cybercriminal used valid login credentials to access some user accounts.

The username and password credentials were not obtained through a data breach at Thorne research, but from a data breach that occurred at another company. According to the Thorne disclosure, because many individuals reuse passwords across multiple services, the attacker was able to use these stolen credentials to gain access to user information on the Thorne.com website.

User information accessed through the incident includes names, dates of birth, last four digits of credit card numbers on file, and health profile information which could include height, weight, health conditions, medications, and sleep, exercise, and diet habits. Thorne began notifying affected individuals by mail on Sept. 11, 2025.

Thorne also disclosed the incident to the Vermont Attorney General's office on Sept. 12, 2025. The severity of the privacy violation is notable due to the sensitivity of the information involved and the trust consumers place in health and wellness companies.

Thorne Research's response

Upon discovering the breach, Thorne Research initiated an internal investigation and implemented enhanced security measures designed to prevent similar unauthorized access in the future. The company also initiated a forced password reset for all impacted users and has reminded account holders to reset passwords regularly.

If you receive a notice or believe your personal information may have been compromised in this breach:

  • Carefully review any notice or communication you receive from Thorne regarding your account and reset your password.
  • Monitor financial accounts and credit reports for signs of identity theft.
  • Consider placing fraud alerts or credit freezes with the major credit bureaus.
  • Be cautious of unsolicited emails or phone calls requesting personal information.

More information about the company can be found on the Thorne Research website.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Sources

Disclosures

Breach Summary

Affected Entity
Thorne Research
Consumers Notification date
Date of Breach
Breach Discovered Date
Total People Affected
Information Types Exposed

Data Breach Settlements

Communication Federal Credit Union Data Breach Settlement
JSP International Group Data Breach Class Action Settlement
Willis-Knighton Medical Center Patient Privacy Settlement
Transak USA $601,000 Data Breach Class Action Settlement
Medical Associates of Brevard Data Breach Settlement
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image

What to Read Next

JFS Wealth Advisors Data Breach Affects 865 Residents
October 30, 2025
JFS Wealth Advisors Data Breach Affects 865 Residents
Roger Keith & Sons Data Breach Affects Client PII & PHI
October 30, 2025
Roger Keith & Sons Data Breach Affects Client PII & PHI
Rogers Mechanical Data Breach Affects PII and PHI
October 30, 2025
Rogers Mechanical Data Breach Affects PII and PHI
Newk's Data Breach Impacts Thousands
October 29, 2025
Newk's Data Breach Impacts Thousands