Telehealth big Hims & Hers Well being is warning that it suffered a data breach after help tickets have been stolen from a third-party customer support platform.
Hims & Hers is an American telehealth firm specializing within the direct-to-consumer healthcare area, offering subscription-based therapies for hair loss, ED, psychological well being, skincare, weight reduction, and different circumstances or wants.
It is without doubt one of the most profitable U.S. manufacturers within the on-line pharmacy and telehealth area, with sturdy advertising presence, and annual revenues near $1 billion.
In accordance with a pattern of the notification shared with the authorities in California, the data breach occurred in early February 2026.
“On February 5, 2026, Hims & Hers, Inc. grew to become conscious of suspicious exercise affecting our third-party customer support platform,” reads the letter despatched to impacted people.
“We promptly took steps to safe our customer support platform and initiated an investigation into the character and scope of the potential security incident.”
“The investigation decided that from February 4, 2026, to February 7, 2026, sure tickets despatched to our customer support workforce have been accessed or acquired with out authorization.”
Following an inner investigation, the corporate decided, on March 3, that hackers had accessed help tickets that, in some circumstances, contained private data.
The uncovered data might embrace names, contact data, and different unspecified knowledge, possible associated to the help request submitted in every case.
The corporate underlined that no medical information or physician communications have been compromised on this incident.
Whereas the corporate didn’t share additional particulars, BleepingComputer realized final month that the ShinyHunters extortion gang carried out the breach.
The info was stolen as a part of a widespread marketing campaign by which risk actors compromised Okta SSO accounts to realize entry to third-party cloud storage companies and SaaS platforms to steal knowledge.
On this explicit assault, BleepingComputer was advised that the risk actors used the Okta SSO account to entry the His and Hers Zendesk occasion, the place they stole thousands and thousands of help tickets.
The corporate is now providing 12 months of free credit score monitoring companies to all impacted people.
Prospects are additionally inspired to take care of heightened vigilance towards unsolicited communications that will comprise phishing or social-engineering lures. Additionally, they’re suggested to evaluate account statements and monitor credit score studies for suspicious exercise.
BleepingComputer has reached out to the agency to request extra details about the incident and what number of clients have been impacted, however we’ve got not heard again by publication time.
Two current high-profile buyer help security breaches that led to shopper data breaches are these of DIY retailer chain ManoMano in February and Crunchyroll in March. In each these circumstances, the compromised platform was Zendesk.
Automated pentesting proves the trail exists. BAS proves whether or not your controls cease it. Most groups run one with out the opposite.
This whitepaper maps six validation surfaces, reveals the place protection ends, and offers practitioners with three diagnostic questions for any device analysis.
