Hims & Hers, a telehealth company, reported a data breach involving its customer support system, with hackers accessing personal information between February 4 and February 7, 2026.
Hims & Hers, a telehealth company specializing in weight loss medications and sexual health prescriptions, has confirmed a data breach affecting its third-party customer service platform. The company disclosed the incident in a notice filed with the California attorney general’s office on Thursday.
According to Hims & Hers, hackers infiltrated its third-party ticketing system between February 4 and February 7, stealing a significant number of support tickets that contained personal information submitted by customers. The breach notice indicated that the stolen data included customer names, contact information, and other unspecified personal details, which the company chose to redact in its communication.
While Hims & Hers assured customers that their medical records were not compromised, the nature of the customer support system means that the data could still contain sensitive information regarding individuals’ accounts and healthcare. The company has not disclosed the number of individuals affected by the breach. Under California law, companies must report data breaches that impact 500 or more residents of the state.
“Customer medical records were not impacted by this incident, and neither were communications with healthcare providers on the platform,” the company stated. Hims & Hers is currently reviewing its policies and procedures to prevent similar intrusions in the future and has notified federal law enforcement. The company will also inform regulators if required.
Jake Martin, a spokesperson for Hims & Hers, explained to TechCrunch that the breach was the result of a social engineering attack, where hackers deceived employees into granting access to their systems. He noted that the stolen data “primarily included customer names and email addresses.” However, the company did not specify the exact types of data taken when questioned by TechCrunch.
Additionally, Hims & Hers did not indicate whether it received any communication from the hackers, such as ransom demands. As of now, no hacking group has claimed responsibility for the attack, and the stolen data has not appeared publicly. Information generated by healthcare organizations is often highly sought after by criminals due to its potential for misuse in phishing and identity theft schemes.
In recent years, customer support and ticketing systems have become increasingly attractive targets for hackers. Financially motivated cybercriminals have been known to raid databases containing customer information and extort companies for ransom. For instance, last year, Discord experienced a data breach affecting its customer support ticketing system, which exposed government-issued IDs of approximately 70,000 individuals who had submitted their driver’s licenses and passports for age verification.
This incident underscores the growing risks associated with data security in the telehealth sector and highlights the importance of robust cybersecurity measures to protect sensitive customer information.
For more details, refer to TechCrunch.