
CyberSecurity

Phantom Stealer Exposed: How This .NET Malware Bundle Targets European Businesses


Understanding Phantom Stealer Malware Operations

Cybersecurity researchers have published details of Phantom Stealer, a .NET-based infostealer sold as part of a larger cybercrime offering. Rather than a standalone data thief, it is marketed as an integrated commercial package that bundles information stealing, file encryption, and remote access capabilities under tiered subscription plans.

The malware systematically harvests browser credentials, session cookies, stored passwords, and autofill data from compromised machines, along with payment card details, messaging platform sessions, email account data, and saved Wi-Fi credentials. It exfiltrates the collected data over several channels, including messaging services, SMTP, and FTP.

European Businesses Under Phantom Stealer Malware Attack

Between November 2025 and January 2026, Group-IB documented a persistent phishing operation delivering Phantom Stealer malware to European organizations. The campaign specifically focused on logistics companies, manufacturing firms, and technology businesses across the continent through five distinct attack waves.

These emails were intercepted by security controls before they reached their intended recipients. The attackers repeatedly targeted multiple unrelated organizations on the same dates, a hallmark of stealer-as-a-service operations.

These deceptive messages masqueraded as communications from legitimate equipment trading companies, employing procurement-themed subject lines crafted to mimic authentic business correspondence. The emails maintained brevity—typically containing only two to three sentences—while incorporating professional signature blocks to enhance their credibility.

Technical Analysis of Phantom Stealer Malware Distribution

Each fraudulent email contained archive attachments harboring either obfuscated JavaScript droppers or malicious executable files. Despite variations in subject lines and attachment types, researchers identified several persistent indicators that exposed the coordinated nature of this campaign.

Email authentication failures were the primary detection signal. The messages consistently failed SPF checks and carried no DKIM signature, so standard authentication at the receiving mail gateway already flagged them as suspicious. One caveat: SPF failures alone also occur on legitimately forwarded mail, so the authentication result is most useful when combined with the content and infrastructure indicators below rather than treated as a verdict on its own.

The campaign also showed other recurring signs: recycled email templates with impersonal greetings, the same spelling errors repeated across messages, spoofed business identities, and continuously rotating sending infrastructure. Together these point to automated tooling and template reuse.
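To make the detection logic concrete, the following is an added triage example written for this page; it is not Group-IB's tooling or anything from the campaign. It assumes the receiving MX stamps an RFC 8601 `Authentication-Results` header, and it combines the authentication result with the content indicators described above (archive attachment, procurement-themed subject, generic greeting). The three messages are constructed for the example, including a forwarded-looking message with an SPF failure but a valid DKIM signature and no content indicators, which the rules deliberately leave alone.

```python
"""Triage rules for phishing waves of the kind described above.

Added example; the sample messages below are constructed, not real samples.
Assumes the gateway adds an RFC 8601 Authentication-Results header.
"""
import re
from email import message_from_string
from email.message import Message

# Constructed sample resembling the campaign: SPF fail, no DKIM, archive attachment,
# procurement-themed subject, generic greeting.
SUSPICIOUS_RAW = """\
From: "Procurement" <sales@example-trading.test>
To: accounts@victim.test
Subject: Request for Quotation - Equipment Order
Authentication-Results: mx.victim.test; spf=fail smtp.mailfrom=example-trading.test; dkim=none; dmarc=fail
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Dear Sir/Madam,

Please see attached purchase order and confirm availabilty.

Regards,
John Smith, Purchasing Manager
--B
Content-Type: application/zip; name="PO_2026-01.zip"
Content-Disposition: attachment; filename="PO_2026-01.zip"

UEsDBAoAAAAAAA==
--B--
"""

# Constructed sample of ordinary business mail that passes every check.
LEGIT_RAW = """\
From: "Alice" <alice@partner.test>
To: accounts@victim.test
Subject: Re: invoice 4471
Authentication-Results: mx.victim.test; spf=pass smtp.mailfrom=partner.test; dkim=pass header.d=partner.test; dmarc=pass
Content-Type: text/plain

Hi Bob,

Invoice 4471 is approved, payment goes out Friday.

Alice
"""

# Constructed sample of forwarded mail: SPF breaks on forwarding, DKIM survives.
FORWARDED_RAW = """\
From: "Alice" <alice@partner.test>
To: accounts@victim.test
Subject: Fwd: meeting notes
Authentication-Results: mx.victim.test; spf=softfail smtp.mailfrom=partner.test; dkim=pass header.d=partner.test; dmarc=pass
Content-Type: text/plain

Hi Bob,

Forwarding the notes from Tuesday.

Alice
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".iso", ".img")
GENERIC_GREETINGS = ("dear sir/madam", "dear sir", "dear madam", "dear customer", "hello,")
PROCUREMENT_TERMS = ("quotation", "rfq", "purchase order", "enquiry")


def parse_auth_results(msg: Message) -> dict:
    """Map mechanism -> result (e.g. {'spf': 'fail', 'dkim': 'none'}) from the MX header."""
    header = msg.get("Authentication-Results", "")
    return dict(AUTH_RE.findall(header.lower()))


def has_archive_attachment(msg: Message) -> bool:
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_disposition() == "attachment" and name.endswith(ARCHIVE_EXT):
            return True
    return False


def body_text(msg: Message) -> str:
    """First text/plain part, decoded; empty string if there is none."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def triage(raw: str) -> dict:
    """Flag a message only when an authentication failure coincides with a content indicator."""
    msg = message_from_string(raw)
    auth = parse_auth_results(msg)
    auth_failures = [f"{m}={auth.get(m, 'missing')}" for m in ("spf", "dkim") if auth.get(m) != "pass"]

    content = []
    subject = (msg.get("Subject") or "").lower()
    if any(term in subject for term in PROCUREMENT_TERMS):
        content.append("procurement-themed subject")
    if has_archive_attachment(msg):
        content.append("archive attachment")
    first_line = next((ln.strip().lower() for ln in body_text(msg).splitlines() if ln.strip()), "")
    if first_line.startswith(GENERIC_GREETINGS):
        content.append("generic greeting")

    # An SPF failure by itself is routine for forwarded mail, so require both kinds of signal.
    verdict = "suspicious" if auth_failures and content else "ok"
    return {"verdict": verdict, "auth_failures": auth_failures, "content": content}


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_RAW), ("legit", LEGIT_RAW), ("forwarded", FORWARDED_RAW)):
        print(name, triage(raw))
```

The forwarded sample shows why the rule is conjunctive: it produces `spf=softfail` but no content indicator, so it is left alone, while the campaign-style sample trips both the authentication and content checks.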

Detection Methods and Security Implications

Security researchers employed multi-layered analysis techniques combining sender authentication verification, content examination, and controlled malware detonation to identify this Phantom Stealer malware campaign. The detonation process successfully mapped the complete execution sequence, from initial script activation through final payload deployment.

This analysis confirmed several malicious behaviors, including credential harvesting, anti-analysis evasion, and systematic data exfiltration. It gave defenders a clear picture of how the malware operates and of the techniques it uses to resist inspection.

As researchers explained, “Phantom Stealer exemplifies a broader trend where credential theft scales through commercial stealer-as-a-service platforms, ultimately resulting in identity-driven compromises that frequently escalate to ransomware attacks or business email fraud schemes.”

Broader Cybercrime Ecosystem Connections

The stolen credentials harvested by Phantom Stealer malware rarely remain unused. Criminal organizations frequently weaponize these compromised accounts for ransomware deployment, large-scale data breaches, and business email compromise operations, establishing infostealers as persistent organizational threats.

Moreover, the subscription-based distribution model demonstrates how cybercrime has evolved into a sophisticated business ecosystem. This commercialization enables less technically skilled criminals to access powerful malware tools, significantly expanding the threat landscape for businesses worldwide.

Organizations must recognize that cybersecurity awareness alone cannot combat these evolving threats. Instead, comprehensive defense strategies incorporating email authentication protocols, endpoint detection systems, and employee training programs provide the most effective protection against Phantom Stealer malware and similar threats.

Security teams should therefore monitor for the authentication failures and behavioral patterns associated with stealer-as-a-service campaigns, so that phishing waves are identified and blocked before a foothold is established inside the corporate network.


Hims & Hers Confirms Third-Party Customer Support System Breach


The digital healthcare landscape faces another security challenge. Hims & Hers, a prominent telehealth provider, has officially confirmed a data breach impacting its external customer service platform. This incident highlights the persistent vulnerabilities within third-party systems that handle sensitive user information.

According to a filing with the California attorney general’s office, unauthorized actors infiltrated the company’s third-party ticketing system over a four-day period in early February. Consequently, they exfiltrated a significant volume of support tickets submitted by customers. While the company states medical records were not accessed, the nature of support communications often contains a wealth of personal and account-specific details.

Scope and Nature of the Hims & Hers Data Breach

The precise number of affected individuals remains undisclosed. California law requires notifying the state attorney general when a breach affects more than 500 California residents, so at least that many Californians were affected, and the true total is likely larger. The company's notice confirms that stolen data included customer names and contact information. However, other categories of personal data were redacted in the public filing, leaving questions about the full extent of the exposure.

A company spokesperson attributed the incident to a social engineering attack. In such schemes, hackers manipulate employees into granting system access, bypassing technical safeguards. This method underscores that human factors remain a critical weak link in cybersecurity defenses, even for established companies.

What Information Was Compromised?

While Hims & Hers emphasizes that the data “primarily” included names and email addresses, the context is crucial. Support tickets for a telehealth service can contain sensitive inquiries related to medications, treatments, and personal health circumstances. Therefore, even without formal medical records, the breached data could paint a detailed and private picture of an individual’s health journey.

The Rising Threat to Customer Support Platforms

This incident is not isolated. In recent months, customer support and ticketing systems have become prime targets for financially motivated cybercriminals. These platforms are treasure troves of personal data, which can be used for identity theft, phishing campaigns, or extortion. For instance, a similar breach at Discord last year led to the exposure of government-issued IDs for tens of thousands of users.

The pattern is clear: attackers are shifting focus to the soft underbelly of corporate operations—the vendors and platforms managing customer interactions. This trend demands a reevaluation of how companies secure their entire digital ecosystem, not just their core applications.

Response and Ongoing Implications

As a result of the breach, affected customers should be on high alert for phishing attempts. Fraudsters often use stolen names and email addresses to craft convincing, targeted messages. Hims & Hers has not disclosed whether the hackers made any ransom demands, a common tactic following such intrusions.

For consumers, this event serves as a stark reminder. When sharing information with any service, it’s vital to consider where that data flows and who else might have access. The security of a company is only as strong as its weakest vendor. For more insights on protecting your digital health information, explore our guide on healthcare data privacy.

Ultimately, the Hims & Hers data breach exposes a critical vulnerability in modern business infrastructure. It reinforces the need for robust vendor risk management and continuous employee security training. As the telehealth sector grows, so too must its commitment to safeguarding the trust placed in it by patients. Companies must implement stringent access controls and multi-factor authentication, especially for systems handling sensitive data. Because this intrusion began with social engineering, that means phishing-resistant factors and verified identity checks on account-reset requests: one-time codes and push approvals can be talked out of a helpdesk. Learn more about effective security protocols in our article on preventing social engineering attacks.


Critical Infrastructure Under Siege: The Multi-Million Pound Price of OT Downtime


For the guardians of the UK’s essential services, a cyber-attack is no longer just a data breach. It’s a direct assault on the physical world, with a staggering financial toll. A new study reveals a harsh reality: the vast majority of critical national infrastructure (CNI) providers are staring down potential OT downtime costs ranging from £100,000 to a crippling £5 million per incident.

The Staggering Financial Impact of OT Disruption

For roughly four out of five organisations in sectors such as energy, transport, and manufacturing, a successful attack on operational technology carries a cost somewhere in that range. The data also shows the severity is far from uniform: nearly a quarter of OT downtime incidents cause losses above £1 million, and for 6% of victims the bill exceeds £5 million. Those figures explain why fear is a dominant emotion in security teams today.

Why Nation-State Fears Are Skyrocketing

Nearly two-thirds of cybersecurity leaders now cite nation-state attacks as their primary concern. This fear reflects a fundamental shift in the cyber threat landscape. “The objective has evolved,” explains Rob Demain, CEO of e2e-assure, the firm behind the research. “It’s not solely about stealing data for profit. Adversaries are now weaponising attacks to cripple operations and exert strategic pressure on the services society depends on.”

In essence, the impact in OT environments is immediate and tangible. Unlike IT systems that manage data, industrial systems control physical processes. A breach can halt production lines, disrupt power grids, or—most critically—compromise safety mechanisms. Therefore, the cost is measured not just in currency, but in real-world paralysis.

Geopolitical Tensions Amplify the Cyber Threat

Meanwhile, global instability is pouring fuel on this fire. Recent geopolitical events, such as tensions involving Iran, have raised alert levels. While Iranian cyber capabilities may not match the scale of Russia or China, their intent and demonstrated ability to compromise CNI networks are not in doubt. Intelligence agencies have warned of sustained campaigns in which Iranian actors used techniques such as password spraying to gain access to critical sectors.

A UK parliamentary committee has previously stated that it is “unlikely” all domestic entities can detect or fend off such Iranian offensive cyber activity. This admission underscores a pervasive vulnerability. As a result, the threat is not hypothetical; it is a clear and present danger with a direct line to operational disruption.

The Visibility Gap: A Critical Weakness in OT Security

Despite the high stakes, a dangerous complacency exists. Over two-fifths of organisations admit they are “least concerned” about having visibility into their own OT network activity. This blind spot is a gift to attackers. Nation-states often breach IT systems via phishing or stolen credentials before pivoting silently into the more valuable OT environment. Without clear visibility, detecting this lateral movement is nearly impossible, hindering any effective response.

The data confirms this operational failing. Although some firms claim they can detect a breach within hours, a troubling 10% of large enterprises take over a year to fully remediate an incident. This prolonged exposure window allows attackers to embed themselves deeply, increasing the potential for catastrophic OT downtime costs.

The Expanding Attack Surface: Third-Party Risk

Furthermore, the risk extends far beyond an organisation’s own digital walls. Supply chain compromise has emerged as a major vector. Last year alone, 21% of mid-sized CNI organisations reported four or more security incidents linked to suppliers or third parties. This interconnectedness means a vulnerability in a small software vendor or service provider can become a backdoor into the nation’s most critical systems. For more on managing these complex risks, see our guide on third-party security frameworks.

Beyond Downtime: The Ripple Effects of an Attack

Ultimately, the consequences of an OT breach ripple far beyond immediate operational stoppages. For security leaders, reputational damage and loss of brand trust are top concerns, cited by 25% and 20% respectively. In smaller organisations, the impact is felt internally, with 37% highlighting staff turnover as a major issue following a severe incident. The trauma of a major attack can drive away skilled personnel, creating a secondary crisis.

This collective picture demands a paradigm shift. Protecting operational technology is no longer a niche IT concern; it is a core business continuity and national security imperative. Investing in specialised OT visibility, segmentation, and incident response is not an optional cost but a critical investment to avoid those multi-million pound OT downtime costs. To start building a more resilient posture, explore our resource on developing an OT security program.

In summary, the message from the front lines is clear. The UK’s critical infrastructure is in the crosshairs, and the price of failure is measured in millions and societal disruption. The time for enhanced vigilance and investment is now.


Hasbro Cyberattack Forces Major Systems Shutdown as Recovery Could Take Weeks


The entertainment and toy industry faces another major cybersecurity crisis as Hasbro grapples with a significant cyberattack that has disrupted operations across the global corporation. This incident highlights the growing vulnerability of major brands to sophisticated cyber threats.

Hasbro Cyberattack Timeline and Initial Response

On March 28, the Rhode Island-based corporation detected unauthorized access to its computer systems. The discovery prompted immediate action from Hasbro’s IT security team, who began shutting down affected systems to contain the breach.

However, the company’s Wednesday filing with the Securities and Exchange Commission reveals the severity of this situation. The Hasbro cyberattack has forced the toy manufacturer to implement emergency protocols that could extend recovery efforts for several weeks.

Company representatives acknowledge they have engaged external cybersecurity experts to assess the damage. Their statement that they are still working to “implement measures to secure business operations” suggests containment may not be complete, though such wording is standard in SEC disclosures and does not by itself establish that attackers retain access.

Business Impact and Operational Disruptions

Despite the security breach, Hasbro maintains it can fulfill customer orders and ship products through alternative processes. The company has activated business continuity plans designed to maintain core operations during the crisis.

Nevertheless, visible signs of the disruption appeared across Hasbro’s digital presence. Website sections displayed maintenance messages, indicating the extent of systems affected by this cyberattack incident.

As a result, investors received warnings about potential delays in normal business operations. The company estimates these interim measures will remain necessary throughout the recovery period.

Unknown Threat Actor and Attack Methods

The specific nature of the Hasbro cyberattack remains undisclosed. Company officials have not revealed whether this represents a ransomware incident, data theft operation, or another form of cyber intrusion.

This uncertainty extends to whether hackers have made contact with ransom demands. Spokesperson Andrea Snyder declined to discuss communication attempts or monetary requests from the threat actors.

In addition, the full scope of compromised data stays under investigation. Hasbro cannot yet confirm if customer information, employee records, or intellectual property suffered exposure during the breach.

Industry Context and Rising Cyber Threats

The entertainment sector increasingly attracts cybercriminal attention due to valuable intellectual property and extensive consumer databases. Major corporations like Sony and Disney have previously faced similar security challenges.

Recent automotive industry examples demonstrate the potential economic impact. The Jaguar Land Rover cyberattack in 2025 halted production for more than a month and prompted a UK government loan guarantee to keep the company's supply chain afloat.

Therefore, Hasbro’s situation reflects broader cybersecurity risks facing large-scale manufacturers. The company’s portfolio includes globally recognized brands like Transformers, Monopoly, My Little Pony, and Dungeons & Dragons.

Recovery Outlook and Security Measures

Building on initial containment efforts, Hasbro continues working with cybersecurity professionals to restore normal operations. The company’s 5,000-plus workforce adapts to modified procedures during this transition period.

The timeline for complete system restoration remains uncertain. Management projections suggest several weeks before full operational capacity returns, depending on investigation findings and remediation complexity.

This extended recovery period underscores the sophisticated nature of modern cyberattacks. Companies must balance thorough security validation against operational pressure to resume normal business activities.

For organizations watching this situation unfold, the Hasbro cyberattack serves as another reminder that even established corporations with substantial resources face significant cybersecurity challenges in today’s threat landscape.
