- Breach of customer service tickets exposed with personal data
- Medical records and provider communications are not affected
- Company offering free credit monitoring and identity restoration
US telehealth giant Hims & Hers has confirmed that it recently suffered a cyberattack in which it lost sensitive customer information.
In a breach notification letter filed with the California Attorney General’s Office, the company said it spotted the intrusion on February 5, 2026 and took steps to secure its infrastructure. Following a subsequent investigation, the company discovered that between February 4 and 7, an unidentified threat actor had accessed “certain tickets sent to our customer service team.”
Those tickets, affecting “a limited set of individuals,” contained personal information, Hims & Hers said, but did not go into detail. He said names and contact details were accessed as well as other data redacted in the letter.
Article continues below
No word on the attackers
“Customer medical records were not affected by this incident, nor were communications with healthcare providers on the platform,” the company said, adding that it is currently reviewing its policies and procedures to ensure that intrusions such as this do not occur in the future, and that federal law enforcement has been notified. Regulators will also be informed if necessary.
We do not know how many people were affected by this incident, but as TechCrunch According to reports, companies are required by law to issue a notification if more than 500 people are affected. Hims & Hers also offers free credit monitoring and identity restoration services for one year, through Cyberscout.
Hims & Hers did not specify how the breach occurred, and we do not know if they were contacted by the attackers. Usually, when scammers steal sensitive data, they offer to delete it in exchange for payment in crypto, but most victims refuse these offers.
No hacker group has yet claimed responsibility for this attack and the data has not yet appeared in the wild. Information generated by healthcare organizations is typically valuable to criminals, given its potential for abuse in phishing and identity theft attacks.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
