Hims & Hers Health has notified customers of a data breach occurring in early February 2026 after unauthorized actors accessed support tickets on a third-party platform. While medical records and doctor communications remained secure, the incident exposed personal details like names and contact information for a segment of the telehealth company's user base.
The prominent American telehealth provider Hims & Hers recently disclosed a security incident involving its customer service infrastructure. Known for its subscription-based treatments for conditions ranging from hair loss to mental health, the company discovered suspicious activity on a third-party platform it uses for managing customer inquiries. An investigation later confirmed that hackers gained access to specific support tickets between February 4 and February 7, 2026.
According to notifications sent to affected individuals and state authorities, the breach resulted in the exposure of personal data. The compromised information typically included customer names and contact details, along with the specific content of the support requests themselves. Despite the sensitivity of these tickets, the company has clarified that core medical records and direct communications with healthcare providers were not part of the data stolen during the attack.
The breach has been linked to the ShinyHunters extortion group, which reportedly utilized a broader campaign targeting Okta SSO accounts to gain entry into various cloud services. In this specific instance, the threat actors used compromised credentials to access the company's Zendesk instance. Reports suggest that this method allowed the attackers to acquire a significant volume of support tickets, mirroring similar recent security failures at other large retail and streaming organizations.
In response to the incident, Hims & Hers has begun offering a year of complimentary credit monitoring services to those whose data was accessed. The company is advising its customers to be particularly cautious regarding unsolicited emails or phone calls, as the stolen information could be used for phishing attempts or social engineering. Users are also encouraged to review their financial statements and credit reports for any signs of unusual or unauthorized activity.
The company has not yet publicly confirmed the total number of individuals impacted by the breach, and inquiries for further details remain unanswered. This incident highlights a growing trend of cyberattacks targeting third-party customer service platforms to bypass the primary security layers of major brands. As the investigation continues, the firm maintains that it has taken the necessary steps to re-secure its support platform and mitigate future risks.
Source: https://oag.ca.gov/system/files/Hims%20%26%20Hers%2C%20Inc.%20-%20Notice%20of%20Data%20Event%20-%20CA_0.pdf