Hims & Hers Confirms Data Breach Affecting Customer Service Platform
Hims & Hers, the telehealth provider known for offering weight-loss medications and sexual health prescriptions, has reported a data breach involving its third-party customer service platform. The company disclosed the incident in a report submitted to the California Attorney General’s office, which highlights the unauthorized access to customer support data.
Details of the Breach and Impact on User Data
According to the notification filed on Thursday, hackers infiltrated the company’s third-party ticketing system between February 4 and February 7, gaining access to a significant number of support tickets that contained customer-submitted personal information. This breach raises concerns over the potential exposure of sensitive data as a result of the attack.
Scope of Compromised Data
The notice indicated that the compromised data includes customer names, contact information, and other unspecified personal details that Hims & Hers chose to redact in its communication. Although the company asserts that customer medical records remain intact, the nature of support systems typically involves sensitive information related to individuals’ accounts and healthcare details.
Get fintech insights, deals, and updates before everyone else
Join 1,000+ fintech professionals
Unclear Extent of Compromise
At this moment, it remains uncertain how many individuals may have had their personal information compromised in this incident. California law mandates that companies disclose data breaches affecting 500 or more residents, ensuring transparency for affected customers.
Nature of the Attack Identified
Jake Martin, a spokesperson for Hims & Hers, characterized the incident as a social engineering attack. This method often involves deceiving employees into providing unauthorized access to company systems. Martin stated that the stolen information primarily comprised customer names and email addresses, though the company did not provide further specific details when queried.
No Ransom Demand Reported
Additionally, Hims & Hers has not disclosed whether it has received any communications from the hackers, including any ransom demands. The absence of such information raises questions about the attack’s motives and potential future risks associated with the breach.
Rising Threats to Customer Support Systems
In recent months, customer support and ticketing systems have become increasingly attractive targets for financially motivated cybercriminals. These attackers have sought to exploit vulnerabilities in databases containing sensitive customer information, often leading to extortion attempts against companies. A notable example occurred last year when Discord experienced a data breach that compromised its customer support ticketing system, resulting in the exposure of government-issued IDs for approximately 70,000 users.