Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform.
Hims & Hers is an American telehealth company specializing in the direct-to-consumer healthcare space, providing subscription-based treatments for hair loss, ED, mental health, skincare, weight loss, and other conditions or needs.
It is one of the most successful U.S. brands in the online pharmacy and telehealth space, with strong marketing presence, and annual revenues close to $1 billion.
According to a sample of the notification shared with the authorities in California, the data breach occurred in early February 2026.
“On February 5, 2026, Hims & Hers, Inc. became aware of suspicious activity affecting our third-party customer service platform,” reads the letter sent to impacted individuals.
“We promptly took steps to secure our customer service platform and initiated an investigation into the nature and scope of the potential security incident.”
“The investigation determined that from February 4, 2026, to February 7, 2026, certain tickets sent to our customer service team were accessed or acquired without authorization.”
Following an internal investigation, the company determined, on March 3, that hackers had accessed support tickets that, in some cases, contained personal information.
The exposed information may include names, contact information, and other unspecified data, likely related to the support request submitted in each case.
The company underlined that no medical records or doctor communications were compromised in this incident.
While the company did not share further details, BleepingComputer learned last month that the ShinyHunters extortion gang conducted the breach.
The data was stolen as part of a widespread campaign in which threat actors compromised Okta SSO accounts to gain access to third-party cloud storage services and SaaS platforms to steal data.
In this particular attack, BleepingComputer was told that the threat actors used the Okta SSO account to access the His and Hers Zendesk instance, where they stole millions of support tickets.
The company is now offering 12 months of free credit monitoring services to all impacted individuals.
Customers are also encouraged to maintain heightened vigilance against unsolicited communications that may contain phishing or social-engineering lures. Also, they are advised to review account statements and monitor credit reports for suspicious activity.
BleepingComputer has reached out to the firm to request more information about the incident and how many customers have been impacted, but we have not heard back by publication time.
Two recent high-profile customer support security breaches that led to client data breaches are those of DIY store chain ManoMano in February and Crunchyroll in March. In both these cases, the compromised platform was Zendesk.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
