Hims & Hers, the telehealth firm that sells weight-loss medication and sexual well being prescriptions, has confirmed an information breach affecting its third-party customer support platform.
The healthcare firm stated in an information breach discover filed with the California legal professional common’s workplace on Thursday that the hackers stole information about person requests despatched to the corporate’s buyer help workforce. The corporate stated hackers broke into its third-party ticketing system between February 4 and February 7 and stole reams of help tickets, which contained private info submitted by prospects.
The information breach discover stated the hackers took buyer names and get in touch with info, in addition to different unspecified private information that Hims & Hers left redacted within the letter.
Though the corporate says buyer medical information weren’t affected by the breach, the character of buyer help techniques signifies that the info could include delicate details about an individual’s account, private info, and healthcare.
It’s not but recognized what number of people had private info compromised within the hack. Below California regulation, firms are required to reveal information breaches involving 500 or extra state residents.
Jake Martin, a spokesperson for Hims & Hers, instructed TechCrunch in a press release the corporate was hit by a social engineering assault, wherein hackers trick workers into granting entry to their techniques. The spokesperson stated the stolen information “primarily included buyer names and e mail addresses.” The corporate didn’t say what particular forms of information had been taken, when requested by TechCrunch.
The corporate wouldn’t say if it has obtained any communication from the hackers, reminiscent of a requirement for cash.
In latest months, buyer help and ticketing techniques have turn out to be wealthy targets for financially motivated hackers, who’ve raided databases containing buyer info and extorted firms into paying a ransom.
Final yr, Discord had an information breach that affected its buyer help ticketing system and uncovered the government-issued IDs of round 70,000 individuals who had submitted their driver’s licenses and passports to the corporate to confirm their age.
