Hims & Hers Data Breach Exposes Customer Support Information

Severity: Medium (Score: 51.9)

Sources: Techcrunch, Classaction, Scworld, Bleepingcomputer

Summary

Hims & Hers Health reported a data breach affecting its third-party customer service platform, Zendesk, after hackers accessed support tickets containing personal information. The breach occurred between February 4 and February 7, 2026, and was discovered on February 5. The attack was attributed to social engineering tactics that tricked employees into granting access. Exposed data includes customer names, email addresses, phone numbers, and physical addresses, but no medical records were compromised. The company is offering 12 months of free credit monitoring to affected individuals. Legal investigations are underway to determine if a class action lawsuit will be filed. The exact number of impacted customers remains unknown, but the breach is significant enough to require notification under California law. Hims & Hers is currently enhancing security measures to prevent future incidents. Key Points: • Hims & Hers experienced a data breach affecting its Zendesk customer support platform. • The breach was caused by a social engineering attack on employees, compromising personal data. • No medical records were exposed, but customers are advised to monitor their accounts for suspicious activity.

Key Entities

• Data Breach (attack_type)
• Hims & Hers (company)
• classaction.org (domain)
• Healthcare (industry)
• T1566 - Phishing (mitre_attack)