Hims & Hers, the telehealth firm that sells weight-loss medicine and sexual well being prescriptions, has confirmed a data breach affecting its third-party customer support platform.
The healthcare firm mentioned in a data breach discover filed with the California lawyer normal’s workplace on Thursday that the hackers stole information about consumer requests despatched to the corporate’s buyer assist crew. The corporate mentioned hackers broke into its third-party ticketing system between February 4 and February 7 and stole reams of assist tickets, which contained private data submitted by prospects.
The data breach discover mentioned the hackers took buyer names and phone data, in addition to different unspecified private information that Hims & Hers left redacted within the letter.
Though the corporate says buyer medical information weren’t affected by the breach, the character of buyer assist programs implies that the info could include delicate details about an individual’s account, private data, and healthcare.
It’s not but identified what number of people had private data compromised within the hack. Below California regulation, corporations are required to reveal data breaches involving 500 or extra state residents.
Jake Martin, a spokesperson for Hims & Hers, advised information.killnetswitch in an announcement the corporate was hit by a social engineering assault, through which hackers trick workers into granting entry to their programs. The spokesperson mentioned the stolen information “primarily included buyer names and e-mail addresses.” The corporate didn’t say what particular sorts of information had been taken, when requested by information.killnetswitch.
The corporate wouldn’t say if it has acquired any communication from the hackers, equivalent to a requirement for cash.
In latest months, buyer assist and ticketing programs have turn into wealthy targets for financially motivated hackers, who’ve raided databases containing buyer data and extorted corporations into paying a ransom.
Final 12 months, Discord had a data breach that affected its buyer assist ticketing system and uncovered the government-issued IDs of round 70,000 individuals who had submitted their driver’s licenses and passports to the corporate to confirm their age.
