Hims & Hers Hit by Data Breach via Zendesk Vulnerability

Health and wellness company Hims & Hers has alerted customers to a potential data breach following a security incident affecting its third-party customer support platform, Zendesk. The breach, which occurred between April 10 and April 17, 2024, may have exposed sensitive customer information.

According to Hims & Hers, the unauthorized access was limited to specific customer support interactions. The compromised data could include names, contact details (email addresses and phone numbers), dates of birth, and in some cases, treatment information or prescription details. The company emphasized that financial information and Social Security numbers were not affected. The incident underscores the critical importance of supply chain security, as a vulnerability in a trusted vendor can have direct and significant repercussions for their clients.

Zendesk has since stated that it has implemented measures to address the vulnerability and prevent further unauthorized access. Hims & Hers is advising affected customers to remain vigilant against potential phishing attempts and to monitor their accounts for any suspicious activity. This event serves as a stark reminder for organizations to rigorously vet their third-party vendors and to maintain robust data protection protocols across their entire digital ecosystem.