diff --git a/packages/medusa/src/api/routes/store/customers/reset-password.js b/packages/medusa/src/api/routes/store/customers/reset-password.js
index 4242e0e8f5..93dba48351 100644
--- a/packages/medusa/src/api/routes/store/customers/reset-password.js
+++ b/packages/medusa/src/api/routes/store/customers/reset-password.js
@@ -24,7 +24,9 @@ import jwt from "jsonwebtoken"
 */
 export default async (req, res) => {
 const schema = Validator.object().keys({
- email: Validator.string().email().required(),
+ email: Validator.string()
+ .email()
+ .required(),
 token: Validator.string().required(),
 password: Validator.string().required(),
 })
@@ -34,23 +36,21 @@ export default async (req, res) => {
 throw new MedusaError(MedusaError.Types.INVALID_DATA, error.details)
 }
 
- try {
- const customerService = req.scope.resolve("customerService")
- let customer = await customerService.retrieveByEmail(value.email)
+ const customerService = req.scope.resolve("customerService")
+ let customer = await customerService.retrieveByEmail(value.email, {
+ select: ["id", "password_hash"],
+ })
 
- const decodedToken = await jwt.verify(value.token, customer.password_hash)
- if (!decodedToken || customer.id !== decodedToken.customer_id) {
- res.status(401).send("Invalid or expired password reset token")
- return
- }
-
- await customerService.update(customer.id, {
- password: value.password,
- })
-
- customer = await customerService.retrieve(customer.id)
- res.status(200).json({ customer })
- } catch (error) {
- throw error
+ const decodedToken = jwt.verify(value.token, customer.password_hash)
+ if (!decodedToken || customer.id !== decodedToken.customer_id) {
+ res.status(401).send("Invalid or expired password reset token")
+ return
 }
+
+ await customerService.update(customer.id, {
+ password: value.password,
+ })
+
+ customer = await customerService.retrieve(customer.id)
+ res.status(200).json({ customer })
 }
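Review bot: With the try/catch removed, the synchronous `jwt.verify(value.token, customer.password_hash)` in the second hunk now lets a bad signature or an expired token escape as an unhandled JsonWebTokenError/TokenExpiredError, since that form of verify throws rather than returning a falsy value — so the `!decodedToken` branch never yields the intended 401 for those cases, and a customer row with no `password_hash` (no secret to verify against) fails the same way. Those verify errors should be mapped to the same 401 response, leaving only the id mismatch to the existing check. Passing an explicit `algorithms` option to verify (matching whatever generateResetPasswordToken signs with) would also make the accepted algorithm set deliberate instead of the library default. The handler's signature and Joi schema are in the earlier hunk, and the select on `retrieveByEmail` means only `id` and `password_hash` are loaded before `retrieve` reloads the full record for the response.
```javascript
  let decodedToken
  try {
    decodedToken = jwt.verify(value.token, customer.password_hash)
  } catch (err) {
    // Bad signature, expired token or missing secret all mean the token is unusable
    res.status(401).send("Invalid or expired password reset token")
    return
  }
  if (!decodedToken || customer.id !== decodedToken.customer_id) {
  // … unchanged: 401 on id mismatch, update, retrieve, 200 response …
```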
diff --git a/packages/medusa/src/services/customer.js b/packages/medusa/src/services/customer.js
index bbe07131d7..8d36b07ce2 100644
--- a/packages/medusa/src/services/customer.js
+++ b/packages/medusa/src/services/customer.js
@@ -94,7 +94,16 @@ class CustomerService extends BaseService {
 * @return {string} the generated JSON web token
 */
 async generateResetPasswordToken(customerId) {
- const customer = await this.retrieve(customerId)
+ const customer = await this.retrieve(customerId, {
+ select: [
+ "id",
+ "has_account",
+ "password_hash",
+ "email",
+ "first_name",
+ "last_name",
+ ],
+ })
 
 if (!customer.has_account) {
 throw new MedusaError(
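Review bot: The new `select` list on `this.retrieve(customerId, { ... })` is a projection, so any property this method reads further down (the body continues past `throw new MedusaError(` outside the hunk) that is missing from the list comes back `undefined` silently instead of failing loudly; a comment tying each field to its use would keep the list and the body in step, e.g. `// Projection: every field this method reads below must be listed here (password_hash presumably serves as the token secret; email/name fields for the reset payload — confirm)`. Whether those are the actual uses cannot be verified from this hunk, so adjust the wording to the rest of the method. Since `password_hash` is now loaded explicitly here, it is worth checking that it does not end up in the token claims or any event payload built from `customer`.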