Hims & Hers Warns of Data Breach After Third-Party Customer Service Platform Incident

Related

KDDI Confirms Zero-Day Exploit Behind Breach Affecting 12 Million People

What happened KDDI has updated its earlier breach disclosure, confirming...

Aflac Japan Data Breach Impacts 4.38 Million Customers and Agents

What happened Aflac Life Insurance Japan disclosed a data breach...

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day Attacks

What happened Nissan disclosed a data breach affecting current and...

KDDI Breach Exposes Up to 14.2 Million Email Logins at Six ISPs

What happened Japanese telecommunications operator KDDI disclosed a data breach...

Xsolis Data Breach Affects 1.4 Million Individuals

What happened Healthcare technology company Xsolis disclosed a data breach...

Share

What happened

Hims & Hers warned customers of a data breach after unauthorized access to support tickets stored on a third-party customer service platform. The company said it became aware of suspicious activity on February 5, 2026, and later determined that certain tickets sent to its customer service team were accessed or acquired without authorization between February 4 and February 7, 2026. On March 3, the company concluded that some of those tickets contained personal information. Hims & Hers said the exposed information may include names, contact information, and other data related to the support request submitted in each case. The company also said no medical records or doctor communications were compromised. It is now offering 12 months of free credit monitoring to affected individuals. 

Who is affected

The direct exposure affects Hims & Hers customers whose support tickets were stored in the affected third-party customer service platform during the unauthorized access window. The company has not publicly disclosed how many individuals were impacted, but it said some tickets contained personal information such as names and contact details. 

Why CISOs should care

This incident matters because it involves a third-party support platform that held customer-submitted information outside the company’s core clinical systems. It also shows how customer service workflows can become a breach point even when medical records and doctor communications are not involved, creating exposure around personal data, customer trust, and phishing risk. 

3 practical actions

  1. Review support-ticket data exposure: Confirm what categories of personal information are routinely included in customer support tickets and whether those platforms hold more sensitive data than intended. 
  2. Tighten third-party support platform oversight: Reassess access controls, monitoring, and incident response expectations for customer service providers that store user-submitted data. 
  3. Prepare for phishing follow-on risk: Alert affected users to watch for unsolicited messages and suspicious activity after a breach involving names, contact details, and support-related information. 

For more news about incidents involving exposure of personal information, click Data Breach to read more.

IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.