Hims & Hers Confirms Data Breach in Customer Support System
Hims & Hers, a prominent telehealth provider known for offering weight-loss medications and sexual health prescriptions, has disclosed a security breach involving its third-party customer service platform. The company reported the incident in a data breach notice filed with the California Attorney General’s office on April 2, 2026.
According to the notice, unauthorized individuals accessed the company’s third-party ticketing system between February 4 and February 7, 2026. During this period, the attackers obtained numerous support tickets containing personal information submitted by customers. The compromised data includes customer names, contact details, and other unspecified personal information, which was redacted in the official notice.
Hims & Hers has assured that customer medical records remain unaffected by this breach. However, given the nature of customer support systems, the exposed data may still contain sensitive information related to individuals’ accounts and healthcare interactions.
The exact number of individuals impacted by this breach has not been disclosed. Under California law, companies are mandated to report data breaches affecting 500 or more state residents.
Jake Martin, a spokesperson for Hims & Hers, stated that the breach resulted from a social engineering attack. In such attacks, perpetrators manipulate employees into granting access to secure systems. Martin specified that the stolen data primarily included customer names and email addresses. When pressed for more details, the company did not specify the exact types of data compromised.
The company has not confirmed whether it has received any communication from the attackers, such as ransom demands.
This incident highlights a growing trend where customer support and ticketing systems become prime targets for financially motivated cybercriminals. These attackers often infiltrate databases containing customer information and may attempt to extort companies for ransom.
For instance, in the previous year, Discord experienced a data breach that compromised its customer support ticketing system. This breach exposed government-issued IDs of approximately 70,000 individuals who had submitted their driver’s licenses and passports for age verification purposes.
In response to the breach, Hims & Hers is likely to implement enhanced security measures to prevent future incidents. This may include employee training on recognizing and avoiding social engineering tactics, strengthening access controls, and conducting regular security audits of third-party service providers.
Customers are advised to remain vigilant for any suspicious communications or activities related to their accounts. Monitoring financial statements and being cautious of unsolicited emails requesting personal information can help mitigate potential risks stemming from such breaches.
