2 weeks ago
12
Image Credits:Hims & Hers / record photo2:26 PM PDT · April 2, 2026
Hims & Hers, the telehealth institution that sells weight-loss drugs and intersexual wellness prescriptions, has confirmed a information breach affecting its third-party lawsuit work platform.
The healthcare institution said successful a data breach announcement filed with the California lawyer general’s bureau connected Thursday that the hackers stole information astir idiosyncratic requests sent to the company’s lawsuit enactment team. The institution said hackers broke into its third-party ticketing strategy betwixt February 4 and February 7, and stole reams of enactment tickets, which contained idiosyncratic accusation submitted by customers.
The information breach announcement said the hackers took lawsuit names and interaction information, arsenic good arsenic different unspecified idiosyncratic information that Hims & Hers near redacted successful the letter.
Although the institution says lawsuit aesculapian records were not affected by the breach, the quality of lawsuit enactment systems means that the information whitethorn incorporate delicate accusation astir a person’s account, idiosyncratic information, and healthcare.
It’s not yet known however galore individuals had idiosyncratic accusation compromised successful the hack. Under California law, companies are required to disclose information breaches involving 500 oregon much authorities residents.
Jake Martin, a spokesperson for Hims & Hers, told TechCrunch successful a connection the institution was deed by a societal engineering attack, successful which hackers instrumentality employees into granting entree to their systems. The spokesperson said the stolen information “primarily included lawsuit names and email addresses.” The institution did not accidental what circumstantial types of information were taken, erstwhile asked by TechCrunch.
The institution would not accidental if it has received immoderate connection from the hackers, specified arsenic a request for money.
Customer enactment and ticketing systems person go affluent targets for financially motivated hackers successful caller months, by raiding databases containing lawsuit information, and extorting companies into paying a ransom.
Last year, Discord had a information breach that affected its lawsuit enactment ticketing strategy and exposed the government-issued IDs of astir 70,000 radical who had submitted their driver’s licenses and passports to the institution to verify their age.
Zack Whittaker is the information exertion astatine TechCrunch. He besides authors the play cybersecurity newsletter, this week successful security.
He tin beryllium reached via encrypted connection astatine zackwhittaker.1337 connected Signal. You tin besides interaction him by email, oregon to verify outreach, astatine zack.whittaker@techcrunch.com.
English (US) ·