Hims & Hers, a telehealth company that sells slimming drugs and sexual health prescriptions, has confirmed a data breach affecting its third-party customer service platform.
This was reported by the healthcare company data breach notification Hackers stole data about user inquiries sent to the company’s customer support team, the California Attorney General’s Office said Thursday. The company said that between February 4 and February 7, hackers breached its third-party ticketing system and stole batches of support tickets containing personal information provided by customers.
The data breach notice says the hackers took customer names and contact information, as well as other vague personal information that Hims & Hers redacted in the letter.
While the company says customer medical records were not affected by the breach, the nature of its customer support systems means the data may contain sensitive information about a person’s account, personal information and health.
It is not yet known how many people’s personal information was stolen during the hack. Under California law, companies must disclose data breaches involving 500 or more state residents.
Jake Martin, a spokesperson for Hims & Hers, told TechCrunch that the company suffered a social engineering attack in which hackers tricked employees into giving them access to their systems. A spokesman said the stolen data “mainly contained customer names and email addresses”. The company did not say what type of data it received when asked by TechCrunch.
The company would not say whether it received any information from the hackers, such as a demand for money.
In recent months, customer support and ticketing systems have become rich targets for financially motivated hackers who raid databases containing customer information and extort companies to pay ransoms.
Last year it was Discord data breach it affected its customer support ticketing system and exposed the government-issued IDs of nearly 70,000 people who had submitted their driver’s licenses and passports to the company to verify their ages.
