Hims & Hers, a telehealth company offering weight-loss drugs and sexual health prescriptions, has confirmed a data breach affecting its customer service platform. According to a data breach notice filed with the California attorney general’s office, hackers accessed the company’s third-party ticketing system between February 4 and February 7, stealing support tickets with customer-submitted personal information.
The breach exposed customer names, contact information, and other unspecified personal data, though customer medical records were reportedly unaffected. The data, however, may still include sensitive account and personal information due to the nature of support systems.
It remains unclear how many individuals are impacted, but California law mandates disclosure when 500 or more residents are affected. Hims & Hers spokesperson Jake Martin stated the breach resulted from a social engineering attack that tricked employees into providing system access, and that primarily customer names and email addresses were taken. The company did not comment on communication from hackers or ransom demands.
Customer support systems have increasingly become targets for hackers looking to access customer databases and extort companies. Last year, Discord suffered a similar data breach exposing government-issued IDs of around 70,000 individuals via its support ticketing system.