Hims & Hers Data Breach Exposes Names, Contact Details and Medical Information

Healthcare data breach illustration
Breach Discovery: 5th February 2026Breach Notification: 2nd April 2026

What Happened in the Hims & Hers Data Breach?

Hims & Hers, a telehealth company that connects users with licensed healthcare providers, has disclosed a data breach involving its third-party customer service platform. The company first detected suspicious activity on Feb. 5, 2026. As a result, it immediately began looking into what had happened and how far the intrusion reached.

According to the notification, the unauthorized access to service tickets occurred between Feb. 4 and Feb. 7, 2026. These tickets are records created whenever a customer contacts support, and they often contain personal details shared during those interactions. Because customer service tickets can include sensitive information, the exposure raised real concerns for the people involved.

After securing the platform, Hims & Hers launched a forensic investigation to determine the scope of the incident. On March 3, 2026, the company identified that personal information tied to a limited group of individuals was present in the affected records. This review specifically aimed to confirm what data was involved and which customers were impacted.

Importantly, the company stated that customer medical records themselves were not affected. In addition, communications between patients and their healthcare providers on the platform remained secure. This distinction matters because it clarifies that the breach was limited to customer service interactions rather than clinical treatment records.

Who was affected?

The Hims & Hers data breach affects individuals who contacted the company’s customer service team around the time of the intrusion. Because the exposure involved support tickets, anyone who submitted a request during that window could be impacted. The total number of affected individuals in the United States has not been publicly disclosed.

However, state filings offer a partial picture. At least 454 residents of Texas and 13 residents of Vermont were confirmed as affected. Hims & Hers also reported the incident to the California Attorney General, suggesting the breach likely extends to additional states beyond those with published figures.

Since Hims & Hers operates as a telehealth platform, its customer base includes people seeking care for sensitive personal health matters. As a result, even limited exposure of contact or medical information can feel especially invasive to those affected. The notification does not specify whether minors were among the impacted individuals.

What Information Was Potentially Exposed?

The investigation found that certain categories of personal information were present in the compromised service tickets. This information varied depending on what each customer included when contacting support. Below is a summary of the data types confirmed as exposed.

  • Full names
  • Contact information, such as email addresses or phone numbers
  • Medical information shared within customer service tickets

Because medical information was involved, affected individuals face a heightened risk of targeted phishing and social engineering attempts. For example, a scammer who knows someone sought treatment through Hims & Hers could craft a highly convincing fake message referencing that fact. This makes the exposure more dangerous than a simple contact-information leak.

In addition, exposed contact details alone can lead to a wave of spam calls, texts, or emails. However, when combined with medical context, these messages become far more persuasive and harder to spot as fraudulent. Consequently, affected individuals should treat any unexpected outreach referencing this breach with caution.

What is the company doing?

Once Hims & Hers detected the suspicious activity, it took immediate steps to secure the affected customer service platform. The company then conducted a thorough investigation to determine exactly what happened and who was affected. This process included a detailed review of the compromised service tickets to identify the personal information involved.

Following that review, Hims & Hers began notifying affected individuals and regulators, including the attorneys general of California, Texas, and Vermont. In response to the breach, the company is offering 12 months of complimentary credit monitoring and identity restoration services through Cyberscout, a TransUnion company. These services include single-bureau credit monitoring, a credit report, a credit score, and proactive fraud assistance.

Affected individuals can enroll using a unique code included in their notification letter. Because enrollment must be completed within 90 days of the letter’s date, prompt action is important. Hims & Hers has also set up a dedicated assistance line for questions related to the incident.

What Should Affected Individuals Do?

Monitor Your Credit Reports

Affected individuals should request free copies of their credit reports at AnnualCreditReport.com. Reviewing these reports closely can help identify unfamiliar accounts or suspicious activity early. This is especially important given that names and contact information were exposed in the breach.

In addition, taking advantage of the complimentary credit monitoring offered by Hims & Hers can provide ongoing alerts. Because these alerts arrive the same day a change occurs on your credit file, they offer a faster way to catch potential fraud. Enrolling promptly ensures you don’t miss the 90-day window.

Consider a Fraud Alert or Credit Freeze

Placing a fraud alert with one of the three major credit bureaus makes it harder for someone to open new accounts in your name. Equifax, Experian, and TransUnion each accept these requests, and a fraud alert placed with one bureau typically notifies the others. As a result, this step offers a relatively quick layer of protection.

For stronger protection, consider placing a credit freeze with all three bureaus. This action restricts access to your credit file entirely, which prevents most attempts to open new credit in your name. Because a freeze can be lifted temporarily when needed, it doesn’t have to interfere with legitimate credit applications.

Stay Alert for Phishing Attempts

Since contact information was exposed, affected individuals should watch closely for phishing emails, calls, or texts referencing Hims & Hers or this breach. Scammers often exploit data breaches to create convincing messages that pressure recipients into sharing more personal details. Therefore, treat any unsolicited message about this incident with suspicion.

Because medical information was also involved, phishing attempts may reference health-related topics to appear more credible. Avoid clicking links or providing personal information in response to unexpected messages. Instead, contact Hims & Hers directly through verified channels if you have concerns about a message’s authenticity.

Protect Against Medical Identity Concerns

Although the company confirmed that clinical medical records were not affected, medical information tied to customer service tickets was exposed. This means affected individuals should stay alert to any unusual activity involving their health insurance or medical accounts. Reviewing insurance statements for unfamiliar claims is a reasonable precaution.

In addition, individuals concerned about potential misuse of their medical information can request an explanation of benefits from their insurer periodically. This helps confirm that no unauthorized services have been billed under their name. If anything looks unfamiliar, reporting it quickly can limit potential damage.

Report Suspected Identity Theft

If you notice signs of identity theft, report it to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338. The FTC can help create a personalized recovery plan based on your specific situation. This step is especially useful if you discover unauthorized accounts or transactions.

Furthermore, consulting with a data breach attorney can help you understand whether you may be eligible for compensation. Many attorneys offer free case evaluations to determine whether your specific circumstances support a legal claim. This can provide clarity on your options moving forward.



More Information

Official Notice from Hims

Official State Attorney General Notification

Official State Attorney General Notification

Official Notice from Vermont

Related Data Breaches