Hims & Hers Discloses Third-Party Data Breach Affecting Customer Support Tickets
Hims & Hers, a U.S.-based telehealth company, reported a data breach involving unauthorized access to its third-party customer service platform. The incident, detected on February 5, 2026, exposed personal information from service tickets submitted between February 4 and 7, 2026.
The breach targeted support requests managed by an external vendor, where customer interactions including names and contact details were accessed without authorization. The company confirmed on March 3, 2026, that a limited number of individuals were affected, though the total figure remains undisclosed. Notably, medical records and provider communications were not compromised.
Hims & Hers responded by securing the platform and launching an investigation. Affected individuals were notified via letters dated April 2, 2026, and offered 12 months of complimentary credit monitoring and identity restoration services through Cyberscout (a TransUnion subsidiary). The services include single-bureau credit monitoring, fraud alerts, and proactive assistance. Enrollment requires a unique code from the notification letter and must be completed within 90 days.
The company reported the breach to the California Attorney General and provided a dedicated support line (1-833-319-5614) and mailing address for inquiries. No further details on the breach’s origin or the threat actor involved have been released.
Source: https://www.claimdepot.com/data-breach/hims-hers-2026
hims & hers cybersecurity rating report: https://www.rankiteo.com/company/hims-&-hers
Crisp cybersecurity rating report: https://www.rankiteo.com/company/crisp-im
"id": "HIMCRI1775162652",
"linkid": "hims-&-hers, crisp-im",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Limited number (undisclosed)',
'industry': 'Telehealth',
'location': 'U.S.',
'name': 'Hims & Hers',
'type': 'Company'}],
'attack_vector': 'Third-party vendor compromise',
'customer_advisories': '12 months of complimentary credit monitoring and '
'identity restoration services (Cyberscout); '
'enrollment within 90 days via unique code',
'data_breach': {'personally_identifiable_information': 'Names, contact '
'details',
'sensitivity_of_data': 'Low to moderate (no medical records '
'or provider communications)',
'type_of_data_compromised': 'Personal information (names, '
'contact details)'},
'date_detected': '2026-02-05',
'date_publicly_disclosed': '2026-03-03',
'description': 'Hims & Hers reported a data breach involving unauthorized '
'access to its third-party customer service platform, exposing '
'personal information from service tickets submitted between '
'February 4 and 7, 2026.',
'impact': {'data_compromised': 'Personal information (names, contact details)',
'identity_theft_risk': 'Yes',
'systems_affected': 'Third-party customer service platform'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Hims & Hers Data Breach Notification'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
'Attorney General'},
'response': {'communication_strategy': 'Notification letters dated April 2, '
'2026; dedicated support line and '
'mailing address',
'containment_measures': 'Secured the platform',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Launched investigation, notified '
'affected individuals',
'third_party_assistance': 'Cyberscout (TransUnion subsidiary)'},
'title': 'Hims & Hers Third-Party Data Breach Affecting Customer Support '
'Tickets',
'type': 'Data Breach'}