top of page

NMA, Retail Success Data Breach?

A video was published today by the owner and founder of MormonLeaks.io discussing the accidental discovery of confidential documents pertaining to the applications of LuLaRoe retailers to participate in the MLM program. (Link to view the video is HERE) Last year, LuLaRoe made it mandatory that any "retailer" that wished to continue selling their leggings and other clothing must apply for the merchant services provided by NMA- or National Merchant Alliance. In this, the retailer would be provided a credit card processing account and have access to funds by way of bank transfer or using their assigned "Bless" prepaid debit card. The user would transfer money from the account to the card as they liked. LuLaRoe saw massive pushback over the change, as many retailers had enrolled not expecting things like credit checks. LuLaRoe guaranteed the process and stated no one would be denied because they were the guarantors of the program. Both NMA and LuLaRoe advised the retailers that no credit inquiries would be done. This statement swiftly changed to "no HARD inquiries would be done" and then hundreds of retailers began to speak up as their credit had, in fact, been dinged by the application process. Some even claimed at the time that the inquiries hindered their opportunities to buy houses and cars. Shortly after, many retailers were also noticing identity theft and unauthorized purchases being made with the "Bless" cards. In many anti-LuLaRoe Facebook groups, angry retailers were putting two and two together that somehow these instances were becoming too common and were linked to the merchant agreement they signed with NMA and LuLaRoe. No official confirmation of this has been made to date. Today, Ryan McKnight of Mormon Leaks published a video with what appeared to be an application for an account with NMA that had been filled out by a LuLaRoe Retailer. The application had been discovered by an individual who wishes to remain anonymous. The source claims that they were simply looking up the NMA contract and information about it online and had typed a few simple words into Google. On the first page of results, they received- at position number eight- the link to view this one individual's (someone they didn't know) entire merchant application- complete with full bank account, social security number, full name, address, phone number, signature, and much more. Ryan confirmed the information and pulled the document up himself and then proceeded to make the video warning for anyone that may need to know their information is exposed. The anonymous discoverer of these documents noticed that the last several digits on the website url correlated to the application number. They tested their theory, selecting a random bunch of numbers and another person's full application popped up. They selected a new group of numbers, and again, another full application came up. Horrified, incensed and angry, they called NMA to report the breach. The good samaritan's efforts were at first not taken seriously, but within a few hours, the access to the documents was removed from web searches. I was given the links and unable to view the documents by direct link after the access had been revoked. HOWEVER, I was provided copies of the documents showing the full web address, confirming that the documents were being housed in what appears to be an online information portal for the company.(either NMA or Retail Success) I am NOT going to enclose portions of those documents here. Please understand I have several in my possession and due to the magnitude of the information these documents include, I do NOT wish to provide any portion of them for viewing. I have reached out to the individual whose application was the one that the websearch linked to. The retailer appears to still be active with LuLaRoe, and I will advise her of the issue when she responds. I will not be publishing her name. When I initially learned of all of this, I spoke with Mr. McKnight, and he explained that NMA confirmed the issue with him. That is when he made the video to warn the parties that could be (or may have already been) harmed by this breach. When I called NMA, however, my experience was extremely different. My call was answered by an "Alex" who patently denied the issue, citing that he "was getting a lot of calls about it" and there "was nothing to prove it happened". I told him that I had seen the documents myself. He then told me it's not his area, and I need to speak with Retail Success, their "sister company". I reached out to Retail Success and my call was answered by "Jen", who was less than thrilled to assist and at one point demanded that I speak with "Bless Support". I objected, as the issue wasn't with Bless. She did not offer any other option, gave me the Bless number and refused to transfer me anywhere else. I called Bless Support and spoke with "Don". I explained who I was, and he hung up the phone. I called back. After being first in line for 6 minutes, I left the phone on hold and dialed the same number from a second line. That line also told me I was first in line- but no one picked up either call after that. Disturbing, to say the very least. I then called Jen back at Retail Success and made it clear that I would be publishing the company's lack of cooperation in trying to find answers to the mess. I was then transferred to Kelly, the Executive Assistant- who was not at all aware of the breach but confirmed that two of the three available executives were in a meeting and one would return my call as soon as possible. I advised Kelly about the issues I experienced while trying to get to her- explaining that the situation is extremely unhelpful- imagine if she were one of the parties whose information was in this breach- and to be manipulated and forced to do a runaround on the phone like this. She agreed and assured me she would bring it up with the executives as soon as she could. I'm curious, as I'm sure many of you now are- as to how long this information as been accessible- who has been accessing it, and for what purpose? Is this the reason so many LuLaRoe retailers were experiencing identity theft and credit card fraud? Why would Bless Support be so unhelpful? A Google search of the repeat first in line message indicates that when this occurs, the call center may have turned off the ability to answer the lines, or turned off calls inward alltogether. The questions that I'm waiting for answers to from Retail Success are: 1. What purpose does storing these accounts online have? 2. Why was this information exposed? 3. How long was it exposed? 4. What steps are being taken by Retail Success to alert the retailers of the breach? 5. What steps are being taken to rectify the situation? I will update as I have more information to share.

Follow Us
Recent Posts
bottom of page