Hims & Hers, the telehealth company that sells weight-loss drugs and sexual health prescriptions, has confirmed an information breach affecting its third-party customer support platform.
The healthcare company said in a data breach notice filed with the California attorney general’s office on Thursday that the hackers stole data about user requests sent to the corporate’s customer support team. The corporate said hackers broke into its third-party ticketing system between February 4 and February 7 and stole reams of support tickets, which contained personal information submitted by customers.
The information breach notice said the hackers took customer names and make contact with information, in addition to other unspecified personal data that Hims & Hers left redacted within the letter.
Although the corporate says customer medical records weren’t affected by the breach, the character of customer support systems signifies that the information may contain sensitive details about an individual’s account, personal information, and healthcare.
It’s not yet known what number of individuals had personal information compromised within the hack. Under California law, firms are required to reveal data breaches involving 500 or more state residents.
Jake Martin, a spokesperson for Hims & Hers, told TechCrunch in an announcement the corporate was hit by a social engineering attack, wherein hackers trick employees into granting access to their systems. The spokesperson said the stolen data “primarily included customer names and email addresses.” The corporate didn’t say what specific varieties of data were taken, when asked by TechCrunch.
The corporate wouldn’t say if it has received any communication from the hackers, equivalent to a requirement for money.
In recent months, customer support and ticketing systems have change into wealthy targets for financially motivated hackers, who’ve raided databases containing customer information and extorted firms into paying a ransom.
Last yr, Discord had an information breach that affected its customer support ticketing system and exposed the government-issued IDs of around 70,000 individuals who had submitted their driver’s licenses and passports to the corporate to confirm their age.