Hims & Hers Suffers Customer Support Data Breach

Hims & Hers Hit by Data Breach Affecting Customer Support Platform

Telehealth company Hims & Hers has confirmed a data breach affecting its third-party customer service platform. The breach occurred between February 4 and February 7, during which hackers stole data about user requests sent to the company's customer support team.

Hims & Hers, the telehealth company that sells weight-loss drugs and sexual health prescriptions, has confirmed a data breach affecting its third-party customer support platform. The company said in a data breach notice filed with the California attorney general's office on Thursday that the hackers stole data about user requests sent to the company's customer support team. The company said hackers broke into its third-party ticketing system and stole reams of support tickets, which contained personal information submitted by customers.

Stolen Data May Contain Sensitive Information

The data breach notice said the hackers took customer names and contact information, as well as other unspecified personal data that Hims & Hers left redacted in the letter. Although the company says customer medical records were not affected by the breach, the nature of customer support systems means that the data may contain sensitive information about a person's account, personal information, and healthcare.

Social Engineering Attack Behind Breach

Jake Martin, a spokesperson for Hims & Hers, told TechCrunch in a statement the company was hit by a social engineering attack, in which hackers trick employees into granting access to their systems. The spokesperson said the stolen data "primarily included customer names and email addresses." The company did not say what specific types of data were taken, when asked by TechCrunch.

Recent Trends in Customer Support Data Breaches

In recent months, customer support and ticketing systems have become rich targets for financially motivated hackers, who have raided databases containing customer information and extorted companies into paying a ransom. Last year, Discord had a data breach that affected its customer support ticketing system and exposed the government-issued IDs of around 70,000 people who had submitted their driver's licenses and passports to the company to verify their age.