AgelessRx Data Breach Exposes Sensitive Patient Health Information
AgelessRx, a telehealth platform focused on longevity and anti-aging treatments, recently disclosed a data breach that compromised sensitive patient health information. The company detected potential unauthorized access to its systems on April 22, 2026, prompting an investigation with third-party cybersecurity experts.
The breach occurred between April 17 and April 22, 2026, when an unauthorized actor accessed help-desk tickets containing patient data. On May 27, 2026, AgelessRx confirmed the exposed information included names, dates of birth, health diagnoses, medications, and treatment details. Earlier, on April 25, 2026, a threat actor under the alias "2019" claimed to be selling the stolen data, which reportedly included email addresses, physical addresses, phone numbers, medical conditions, allergies, and prescription details.
AgelessRx reported the breach to the attorneys general of California and Vermont on June 24, 2026, and began notifying affected individuals on June 23, 2026. The total number of impacted patients remains undisclosed.
In response, AgelessRx is offering 12 months of complimentary credit monitoring and identity restoration services through Experian IdentityWorks, including daily credit report monitoring, identity theft insurance, and access to restoration specialists. Affected individuals must enroll by September 30, 2026, using a unique activation code provided in their notification letters. Support is available via phone or mail.
Source: https://www.claimdepot.com/data-breach/agelessrx-2026
AgelessRx cybersecurity rating report: https://www.rankiteo.com/company/agelessrx
{
  "id": "AGE1782427528",
  "linkid": "agelessrx",
  "type": "Breach",
  "date": "4/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'industry': 'Healthcare',
                        'name': 'AgelessRx',
                        'type': 'Telehealth Platform'}],
 'attack_vector': 'Unauthorized Access',
 'customer_advisories': '12 months of complimentary credit monitoring and '
                        'identity restoration services through Experian '
                        'IdentityWorks',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Dates of birth',
                                              'Health diagnoses',
                                              'Medications',
                                              'Treatment details',
                                              'Email addresses',
                                              'Physical addresses',
                                              'Phone numbers',
                                              'Medical conditions',
                                              'Allergies',
                                              'Prescription details']},
 'date_detected': '2026-04-22',
 'date_publicly_disclosed': '2026-05-27',
 'description': 'AgelessRx, a telehealth platform focused on longevity and '
                'anti-aging treatments, recently disclosed a data breach that '
                'compromised sensitive patient health information. The breach '
                'occurred between April 17 and April 22, 2026, when an '
                'unauthorized actor accessed help-desk tickets containing '
                'patient data. The exposed information included names, dates '
                'of birth, health diagnoses, medications, treatment details, '
                'email addresses, physical addresses, phone numbers, medical '
                'conditions, allergies, and prescription details.',
 'impact': {'brand_reputation_impact': 'Likely negative',
            'data_compromised': 'Sensitive patient health information',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Possible regulatory fines',
            'systems_affected': 'Help-desk ticketing system'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
                           'entry_point': 'Help-desk tickets'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data Theft for Sale',
 'references': [{'source': 'AgelessRx Data Breach Notification'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': ['California Attorney '
                                                        'General',
                                                        'Vermont Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Notification to affected individuals '
                                        'and regulatory bodies',
              'incident_response_plan_activated': 'Yes',
              'third_party_assistance': 'Cybersecurity experts'},
 'threat_actor': '2019',
 'title': 'AgelessRx Data Breach Exposes Sensitive Patient Health Information',
 'type': 'Data Breach'}