Hims and Hers reveal cyberattack — customer support system hacked and personal info stolen, here's what we know

News
By published

Company reports breach to the California AG

healthcare
(Image credit: Rawpixel / Pixabay)
  • Breach exposed customer service tickets with personal data
  • Medical records and provider communications unaffected
  • Company offering free credit monitoring and identity restoration

American telehealth giant Hims & Hers has confirmed suffering a cyberattack recently in which it lost some sensitive customer information.

In a breach notification letter filed with the Office of the California Attorney General, the company said it spotted the intrusion on February 5, 2026, and moved to secure its infrastructure. Following a subsequent investigation, the company found that between February 4 and February 7, an unidentified threat actor accessed “certain tickets sent to our customer service team.”

These tickets, affecting “a limited set of individuals”, contained personal information, Hims & Hers said, but did not go into detail. It said that names and contact information were accessed as well as other data that was redacted in the letter.

Article continues below

No word on the attackers

“Customer medical records were not impacted by this incident, and neither were communications with health care providers on the platform,” the company said, adding that it was now reviewing its policies and procedures to make sure intrusions such as this one don’t happen in the future, and that federal law enforcement was notified. Regulators will be notified, too, if required.

We don’t know how many people were affected by this incident, but as TechCrunch reported, companies are required, by law, to issue a notification if more than 500 people are impacted. Hims & Hers is also offering free credit monitoring and identity restoration services for a year, through Cyberscout.

Hims & Hers did not say how the breach happened, and we don’t know if they were contacted by the attackers. Usually, when crooks steal sensitive data, they offer to delete them in exchange for payment in crypto, but most victims decline such offers.

No hacking groups have yet claimed responsibility for this attack and the data has not yet appeared in the wild. Information generated by healthcare organizations is usually valuable to criminals, given its potential for abuse in phishing and identity theft attacks.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.