Hims & Hers Telehealth Platform Suffers Data Breach via Social Engineering
Learn More
Hims & Hers Health, Inc., a telehealth provider, reported a data breach to the California Attorney General’s office on April 2, 2026.
The incident involved unauthorized access to the company's third-party customer support ticketing, not its internal medical record infrastructure. The breach was caused by a social engineering attack targeting two employees. The hackers maintained access to the ticketing system from February 4 to February 7, 2026 and stole customer communications and personal identifiers.
The company claims their primary electronic medical records (EMR) and direct communications with healthcare providers are secure.
The compromised data includes:
- Full names
- Email addresses
- Phone numbers
- Physical addresses
- Treatment categories and communication history (for interactions between February 2025 and February 2026)
The number of affected individuals is not disclosed,
The organization launched a forensic investigation, notified federal law enforcement, and began a review of the affected tickets to identify impacted users. The company is offering 12 months of complimentary credit monitoring and identity restoration services to those whose information was accessed.
