Hims & Hers, Inc. Data Breach

On or about February 5, 2026, Hims & Hers, Inc. became aware of a data security incident involving suspicious activity affecting its third-party customer service platform. According to the notice, Hims & Hers promptly took steps to secure the affected platform and launched an investigation to determine the nature and scope of the incident.

The investigation revealed that between February 4, 2026 and February 7, 2026, certain customer service tickets sent to Hims & Hers’ customer support team were accessed or acquired without authorization. Hims & Hers conducted a comprehensive review of the affected tickets to identify the type of information involved and the individuals potentially impacted by the incident.

On March 3, 2026, Hims & Hers determined that personal information related to a limited set of individuals was present within the compromised customer service tickets. The company reports that customer medical records were not affected by this incident, and that communications with healthcare providers on the platform were not involved.

Hims & Hers, Inc. is a consumer healthcare and telehealth company headquartered in California that connects consumers with licensed healthcare professionals for personalized treatments in sexual health, mental health, dermatology, weight loss, and hair care, serving over 2.4 million.

The breach occurred within a third-party customer service platform used by Hims & Hers.

Following the incident, Hims & Hers stated that it secured the affected platform, notified federal law enforcement, and began reviewing and strengthening its information security policies and procedures to reduce the risk of future incidents. The company also began notifying individuals whose information may have been involved.

If you received a data breach notification letter from Hims & Hers, Inc., it confirms that your personal information may have been involved in the security incident.

What information is involved in the Hims & Hers, Inc. Data Breach?

Compromised information may include:

Hims & Hers stated that customer medical records and communications with healthcare providers were not impacted by this incident.

Your Personally Identifiable Information (PII) includes information that can be used to identify you. Companies that collect and store PII are required by law to implement reasonable safeguards to protect this information. When PII is exposed during a data breach, it may be used by cybercriminals to commit identity theft, financial fraud, or other forms of misuse.

While Hims & Hers reports that customer medical records were not involved, any exposure of personal information can still pose risks, including identity theft or fraudulent activity.

If your information was involved in this incident, it is important to remain vigilant by reviewing account statements, monitoring credit reports, and watching for suspicious activity. Impacted individuals are also encouraged to review the additional guidance provided with their notification letter, including instructions for enrolling in complimentary credit monitoring and identity theft restoration services.

Consumers may have legal rights when companies fail to adequately safeguard personal information. These rights may vary by state.

If you received a Notice of Data Event / Notice of Data Breach letter related to the Hims & Hers, Inc. incident, your personal information may be at risk.

Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.