Thorne Research Cyber Attack Exposes Consumer PII

Thorne Research experienced a cybersecurity incident impacting user data. On July 10, 2025, the company discovered that some Thorne.com accounts were accessed by an unauthorized actor. An investigation took place and it was determined that a cybercriminal used valid login credentials to access some user accounts.

The username and password credentials were not obtained through a data breach at Thorne research, but from a data breach that occurred at another company. According to the Thorne disclosure, because many individuals reuse passwords across multiple services, the attacker was able to use these stolen credentials to gain access to user information on the Thorne.com website.

User information accessed through the incident includes names, dates of birth, last four digits of credit card numbers on file, and health profile information which could include height, weight, health conditions, medications, and sleep, exercise, and diet habits. Thorne began notifying affected individuals by mail on Sept. 11, 2025.

Thorne also disclosed the incident to the Vermont Attorney General's office on Sept. 12, 2025. The severity of the privacy violation is notable due to the sensitivity of the information involved and the trust consumers place in health and wellness companies.

Thorne Research's response

Upon discovering the breach, Thorne Research initiated an internal investigation and implemented enhanced security measures designed to prevent similar unauthorized access in the future. The company also initiated a forced password reset for all impacted users and has reminded account holders to reset passwords regularly.

If you receive a notice or believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Thorne regarding your account and reset your password.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

More information about the company can be found on the Thorne Research website.