Hims & Hers Data Breach Exposes Customer Information

Severity: Medium (Score: 51.9)

Sources: Classaction, Techcrunch

Summary

Hims & Hers has reported a data breach affecting its third-party customer service platform due to a social engineering attack. The breach occurred between February 4 and February 7, 2026, compromising personal information from customer support tickets, including names, email addresses, phone numbers, and physical addresses. Although the company asserts that customer medical records were not affected, the nature of the data stolen may still include sensitive information. Hims & Hers is currently under investigation for a potential class action lawsuit as attorneys seek to hear from affected individuals. The breach was first discovered on February 5, 2026, and the company has filed a notice with the California Attorney General's office. The total number of individuals affected remains unknown, but California law requires disclosure for breaches involving 500 or more residents. The company is facing scrutiny over its data protection measures and response to the incident. Key Points: • Hims & Hers confirmed a data breach affecting its customer support system. • Personal information from customer support tickets was compromised due to a social engineering attack. • The breach occurred from February 4 to February 7, 2026, with a potential class action lawsuit being investigated.

Key Entities

• Data Breach (attack_type)
• Hims & Hers (company)
• classaction.org (domain)
• Healthcare (industry)
• T1566 - Phishing (mitre_attack)