Hims & Hers Discloses Cyberattack Compromising Customer Data

Hims & Hers Discloses Cyberattack Compromising Customer Data

Hims & Hers, a prominent U.S.-based telehealth provider, has recently disclosed a cyberattack that compromised personal information from its customer support system. The incident, which occurred between February 4 and February 7, 2026, was detected on February 5 and promptly contained. However, an investigation revealed that unauthorized access was gained to certain customer service tickets containing names, contact details, and redacted data for a limited number of individuals. Importantly, medical records and communications with healthcare providers were not affected.

Details of the Breach

According to a breach notification letter filed with the Office of the California Attorney General, Hims & Hers identified suspicious activity on its computer network involving Zendesk, a third-party customer service platform. The company determined that, during the specified period, an unidentified threat actor accessed specific tickets sent to their customer service team. These tickets contained personal information, including names and contact information, as well as other data that was redacted in the letter.

While the exact number of affected individuals has not been disclosed, regulatory requirements suggest that more than 500 people may have been involved. The company has reported the incident to federal law enforcement and, where necessary, to regulators. As a precautionary measure, Hims & Hers is offering one year of free credit monitoring and identity restoration services through Cyberscout. Additionally, the company has pledged to strengthen its cybersecurity protocols to prevent future breaches. Notably, no hacking group has claimed responsibility for the attack, and the stolen data has not surfaced publicly.

Company Response and Mitigation Measures

In response to the breach, Hims & Hers has taken several steps to mitigate potential risks to affected individuals. The company has notified impacted customers and is providing them with resources to monitor and protect their personal information. The offer of free credit monitoring and identity restoration services aims to assist customers in detecting and responding to any unauthorized use of their information.

Furthermore, Hims & Hers is conducting a comprehensive review of its policies and procedures to enhance its cybersecurity measures. This includes evaluating the security of third-party platforms, such as Zendesk, to ensure that similar incidents do not occur in the future. The company emphasizes its commitment to safeguarding customer information and maintaining trust in its services.

Implications for the Telehealth Industry

This incident underscores the growing cybersecurity challenges faced by the telehealth industry. As healthcare services increasingly move online, the protection of sensitive patient information becomes paramount. Cyberattacks targeting telehealth providers can have significant consequences, including the potential for identity theft and financial fraud.

Healthcare organizations must prioritize robust cybersecurity measures, including regular security assessments, employee training, and the implementation of advanced threat detection systems. Collaborating with third-party vendors also necessitates stringent security protocols to ensure that all components of the service delivery chain are secure.

Conclusion

The cyberattack on Hims & Hers serves as a critical reminder of the importance of cybersecurity in the telehealth sector. While the company has taken swift action to address the breach and support affected customers, the incident highlights the need for continuous vigilance and improvement in protecting sensitive personal information. As the industry evolves, maintaining robust security measures will be essential to ensuring patient trust and the integrity of telehealth services.

For more information, you can refer to the original article on TechRadar: Hims and Hers reveal cyberattack — customer support system hacked and personal info stolen, here's what we know

Additionally, Edelson Lechtzin LLP is investigating data privacy claims arising from the Hims & Hers data breach: Data Breach Alert: Edelson Lechtzin LLP Investigates Hims & Hers, Inc. Data Breach