Search

Hims & Hers Warns of Data Breach After Third-Party Customer Service Platform Incident

Cyber threats and incidents
By Evan Rowe

Related

Founders, Analysts & Industry Voices

Trump Budget Proposal Would Cut Hundreds of Millions More From CISA

What happened A new federal budget proposal would cut hundreds...
Read more
Founders, Analysts & Industry Voices

West Virginia Gives CISO Greater Authority to Lead Statewide Cybersecurity Program

What happened West Virginia approved legislation that gives the state’s...
Read more
Cyber threats and incidents

Internet-Connected Coffee Machine Reportedly Led to Corporate Data Breach

What happened An internet-connected coffee machine reportedly led to a...
Read more
Cyber threats and incidents

Hackers Claim Massive Forex Trading Data Leak Could Expose 438,000 User Records

What happened A claimed Forex data leak is raising concerns...
Read more
Cyber threats and incidents

Ransomware Attack on Vivaticket Disrupts Louvre and Major European Museums

What happened A ransomware attack on Vivaticket disrupted online reservations...
Read more

Share

What happened

Hims & Hers warned customers of a data breach after unauthorized access to support tickets stored on a third-party customer service platform. The company said it became aware of suspicious activity on February 5, 2026, and later determined that certain tickets sent to its customer service team were accessed or acquired without authorization between February 4 and February 7, 2026. On March 3, the company concluded that some of those tickets contained personal information. Hims & Hers said the exposed information may include names, contact information, and other data related to the support request submitted in each case. The company also said no medical records or doctor communications were compromised. It is now offering 12 months of free credit monitoring to affected individuals. 

Who is affected

The direct exposure affects Hims & Hers customers whose support tickets were stored in the affected third-party customer service platform during the unauthorized access window. The company has not publicly disclosed how many individuals were impacted, but it said some tickets contained personal information such as names and contact details. 

Why CISOs should care

This incident matters because it involves a third-party support platform that held customer-submitted information outside the company’s core clinical systems. It also shows how customer service workflows can become a breach point even when medical records and doctor communications are not involved, creating exposure around personal data, customer trust, and phishing risk. 

3 practical actions

  1. Review support-ticket data exposure: Confirm what categories of personal information are routinely included in customer support tickets and whether those platforms hold more sensitive data than intended. 
  2. Tighten third-party support platform oversight: Reassess access controls, monitoring, and incident response expectations for customer service providers that store user-submitted data. 
  3. Prepare for phishing follow-on risk: Alert affected users to watch for unsolicited messages and suspicious activity after a breach involving names, contact details, and support-related information. 

For more news about incidents involving exposure of personal information, click Data Breach to read more.

Previous article
LinkedIn Secretly Scans for More Than 6,000 Chrome Extensions and Collects Device Data
Next article
Die Linke Confirms Data Stolen in Qilin Ransomware Attack
Founders, Analysts & Industry Voices

Trump Budget Proposal Would Cut Hundreds of Millions More From CISA

What happened A new federal budget proposal would cut hundreds...
Founders, Analysts & Industry Voices

West Virginia Gives CISO Greater Authority to Lead Statewide Cybersecurity Program

What happened West Virginia approved legislation that gives the state’s...

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.