Telehealth leader Hims & Hers reports that its customer support platform has been breached.

Telehealth leader Hims & Hers reports that its customer support platform has been breached.

sparta

Hims & Hers, the telehealth firm offering weight-loss medications and sexual health prescriptions, has acknowledged a data breach impacting its external customer service system.

The healthcare organization stated in a breach notification submitted to the California attorney general on Thursday that cybercriminals accessed data regarding user inquiries directed to the company’s support team. The firm reported that hackers infiltrated its third-party ticketing platform between February 4 and February 7, resulting in the theft of numerous support tickets containing personal information provided by customers.

According to the data breach notice, the hackers acquired customer names and contact details, along with other unspecified personal information that Hims & Hers opted to redact in the correspondence.

While the company claims that customer medical records were unaffected, the nature of support systems implies that the data may include sensitive details regarding an individual’s account, personal information, and healthcare.

It remains unclear how many individuals had their personal information compromised in the incident. California law mandates that organizations disclose data breaches affecting 500 or more residents of the state.

Jake Martin, a representative for Hims & Hers, informed TechCrunch in a statement that the company experienced a social engineering attack, where hackers deceive employees into providing access to their systems. The spokesperson mentioned that the stolen data “mainly consisted of customer names and email addresses.” The company did not specify the exact types of data that were taken when asked by TechCrunch.

The company declined to comment on whether it has received any communications from the hackers, including ransom demands.

Recently, customer support and ticketing systems have become lucrative targets for financially motivated cybercriminals, who have compromised databases containing customer information and coerced companies into paying ransoms.

Last year, Discord experienced a data breach that impacted its customer support ticketing platform and revealed government-issued IDs of approximately 70,000 individuals who had submitted their driver’s licenses and passports to verify their age.