Our reviewers research, test, and recommend the best subscriptions and products independently; click to learn more about our editorial guidelines. We may receive commissions on purchases made through links on our site.
A few MSA readers mentioned getting a letter from Julep about their credit card info potentially being stolen, so I reached out to Julep to get more information. Here is their official statement:
Between November 6th and 8th, a 3rd party hacker was able to divert certain customer’s data entered on our website from our normal tokenized payment data pathway into a pathway created by the hacker. Only new customers or customers that updated payment during that time were impacted. We acted as quickly as possible, blocked the hacker’s access to our system, removed the vulnerability from our website and ran security scans across our system to confirm we did not see other known risks. We’re taking additional steps intended to reduce the chances of this happening again, including reviewing our security practices and procedures. As well as offering the small group of impacted customers credit monitoring services.
Julep takes privacy of our customers very seriously, and we strive to have safeguards in place to protect our customers. Since the data breach, we have taken additional steps intended to reduce the chances of this happening. We sincerely apologize for any inconvenience this causes our customers and have arranged to identify theft protection services to affected customers.
Please reach out to Julep Customer Care if you have any questions: (877) 651-3292
Liz is the founder of My Subscription Addiction. She's been hooked on subscription boxes since 2011 thanks to Birchbox, and she now subscribes to over 100 boxes. Her favorites include POPSUGAR Must Have, FabFitFun, and any box that features natural beauty products!
Liz is the founder of My Subscription Addiction. She's been hooked on subscription boxes since 2011 thanks to Birchbox, and she now subscribes to over 100 boxes. Her favorites include POPSUGAR Must Have, FabFitFun, and any box that features natural beauty products!
Join the Conversation
Please do not enter your email address in the Name field or in the comment content. Your email address will not be published. Required fields are marked *. Remember to post with kindness and respect. Comments with offensive language, cruelness to others, etc will not be approved. See our full comment policy here.
For everyone upset about not being notified about the hack for over a month, by comparison, there was a Yahoo hack of ONE BILLION accounts in 2013 and they just notified people yesterday.
Sometimes these things take time to catch.
Reply
Judy
I received an email last month stating I needed to update my billing info, which I thought was strange since I use PayPal and all my info hadn’t changed, so I ignored it. But then I never got billed…I didn’t really need the box so I said oh well I’ll look into it next time. Seeing this though makes me question it again!
Reply
Marie
Me too.I use pay pal. No info changed.
Reply
Marissa
I was a member already, no charges or hack for me 🙁 that ducks for everyone who had their account hacked
Reply
Dee
Ok…so am I the only one who did not receive notification about this? Dang…unsubscribed.
Reply
Brenn Goodman
I never recieved a notice either. I recieved an email saying my cardad on file was about to expire and I needed to update! Now this makes me worried and upset. As it is Julep totally screwed up my subscription. I changed the one I normally get and updated it to one that cost $15 more. I recieved none of it but, my add-ons. Reached out to Julep but still waiting to hear back!
Reply
Kerri
I subscribed on the 8th. I noticed earlier today the charge hadn’t processed. Luckily I paid with PayPal, and I immediately went and changed my password when I saw this. I haven’t received any info from julep either
Reply
flingo
My credit card company alerted me right away and reversed the fraudulent charges. It’s a pain, but it’s a fact of life in our 21st century world. I don’t hold it against Julep.
Honestly if I stopped shopping at every store where my card has been hacked, I’d have nowhere left to shop at all. I mean….I’d have to give up Target. THAT’S NO WAY TO LIVE, MAN. 😉
Reply
Ragan
Yeah, I feel the same way. Target is about the only place around here where I can get the kitty litter I need (MUST be unscented or Monkey will have an allergic reaction, and I find only the Fresh Step will do). And yeah, I was hacked then too.
Reply
Jewelcat
Hi Ragan, I saw the unscented Fresh Step at BJ’s when I was there a couple weeks ago. You will need a strongman to help get the humongous bag to your car but they have it!
Heathery
I don’t think most people are upset that the hack HAPPENED, but rather in how Julep failed to address it for over a month after its occurrence. For example, a couple years ago, Target’s system was hacked on Black Friday. I received a notice two days later. They didn’t hesitate to let us know what had happened. Julep waited far too long to say something.
Reply
Shawn
I agree 100%. I cancelled my subscription today.
Reply
S
I think it’s impressive that they determined the exact dates & customers that were affected. I realize that it’s a huge inconvenience for anyone who was affected, but I, for one, am really grateful that they did such due diligence to determine that it wasn’t every single account that was hacked.
Reply
S
Also, thank you Liz for reaching out to them to get the whole story.
Reply
Lenya
They are offering free monitoring services, but they also recommended that we freeze our credit account, the cost of which varies by state, and they are not covering those fees.
I agree with what people are saying about how Julep isn’t to blame for being hacked, but I think they could have handled the situation better and notified affected customers much more quickly.
Reply
Connie Ward
Whelp, that explains how my card number was stolen and $780 worth of makeup charges from colourpop were made.
Reply
Caroline
Thanks to MSA for letting us know.. Even if we had no activity on the exact dates, I wish companies would give you a heads up so you can be more vigilant.
Reply
Samantha
I recently subscribed, but luckily, on November 20th, so it sounds like they had established more secure practices by then. People should not be quick to blame Julep for the hack because this stuff happens all the time. There are some hackers that are extremely good at hacking even some of the most secure sites. All over the news, we are hearing that Russian hacks might have influenced the Presidential election. I think over the past year alone, LinkedIn, Yahoo, and Etsy were all hacked at some point. This sucks for anyone affected, but this stuff happens all the time. Julep was in the wrong for waiting so long to release a statement, but they didn’t necessarily have practices that weren’t secure that caused this.
Reply
nana
I like how they mentioned it was a “third party” hacker 🙂
Reply
Ragan
At least they didn’t claim it could’ve been some 400 guy in his bed…
Reply
Ragan
400 pound guy. Can’t type and eat at the same time…
Dea
Right! As opposed to an in-house hacker, who, per definition, would have no need to hack. LOL
Reply
Alice
Eh I don’t love julep but I’ll defend them on this: it’s not really their fault. This is why you as a customer of ANY internet based websites must be vigilant in tracking your bank. It can happen to anyone
Reply
Samantha
Agreed! I look at my online checking account nearly every day.
Reply
Amber P
I agree – this happens to companies everyday at this point. I understand people are upset about the length of time it took for them to say something about it, but if you’re diligent about checking your accounts (as you should be) you would’ve caught anything wonky happening to your account by now and I suspect because it was such a small population of people they probably wanted to really pin point a time and figure out who was effected (which they did – any new customer between November 6th and 8th) instead of sending their entire customer base in a really inconvenient frenzy, especially around the holiday season when shopping is at an all time high.
Unsubscribe all you want to friends but the lesson here is to monitor your accounts or find alternative ways to pay for online purchases.
Reply
Sara
Agreed I used to be a contractor for Homeland Security and their database got hacked more times than I can count for being Homeland Security. We had to run our credit checks, make sure they hadn’t opened new credit cards in our names or something funky.
Reply
Brittnay
So the breach was only between the 6th and 8th? I joined Julep on November 3rd. Ugh this makes me want to unsubscribe 😑
Reply
Joy
Glad I had already unsubscribed!
Reply
Our reviewers research, test, and recommend the best subscriptions and products independently; click to learn more about our editorial guidelines. We may receive commissions on purchases made through links on our site.
Please do not enter your email address in the Name field or in the comment content. Your email address will not be published. Required fields are marked *. Remember to post with kindness and respect. Comments with offensive language, cruelness to others, etc will not be approved. See our full comment policy here.