{"id":899169,"date":"2026-04-14T13:22:19","date_gmt":"2026-04-14T18:22:19","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2026\/04\/14\/hims-hers-warns-of-data-breach-after-zendesk-support-ticket-breach\/"},"modified":"2026-04-14T13:22:19","modified_gmt":"2026-04-14T18:22:19","slug":"hims-hers-warns-of-data-breach-after-zendesk-support-ticket-breach","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2026\/04\/14\/hims-hers-warns-of-data-breach-after-zendesk-support-ticket-breach\/","title":{"rendered":"Hims &#038; Hers warns of data breach after Zendesk support ticket breach"},"content":{"rendered":"<div>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"Hims and Hers pills\" height=\"900\" src=\"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/04\/03\/hims-hers.jpg\" width=\"1600\"><\/p>\n<p>Telehealth giant Hims &#038; Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform.<\/p>\n<p>Hims &#038; Hers is an American telehealth company specializing in the direct-to-consumer healthcare space, providing subscription-based treatments for hair loss, ED, mental health, skincare, weight loss, and other conditions or needs.<\/p>\n<p>It is one of the most successful U.S. brands in the online pharmacy and telehealth space, with strong marketing presence, and annual revenues close to $1 billion.<\/p>\n<p><a href=\"https:\/\/www.adaptivesecurity.com\/demo\/security-awareness-training?utm_source=display_network&#038;utm_medium=paid_display&#038;utm_campaign=2026_04_display_bleepingcomputer&#038;utm_id=701Rd00000fE8REIA0&#038;utm_content=970x250\" rel=\"nofollow noopener\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/www.bleepstatic.com\/c\/a\/as-tour-the-platform-970-x250.jpg\" alt=\"Wiz\"><\/a>\n<\/p>\n<p>According to a sample of the notification shared with the <a href=\"https:\/\/oag.ca.gov\/system\/files\/Hims%20%26%20Hers%2C%20Inc.%20-%20Notice%20of%20Data%20Event%20-%20CA_0.pdf\" target=\"_blank\" rel=\"nofollow noopener\">authorities in California<\/a>, the data breach occurred in early February 2026.<\/p>\n<p>&#8220;On February 5, 2026, Hims &#038; Hers, Inc. became aware of suspicious activity affecting our third-party customer service platform,&#8221; reads the letter sent to impacted individuals.<\/p>\n<p>&#8220;We promptly took steps to secure our customer service platform and initiated an investigation into the nature and scope of the potential security incident.&#8221;<\/p>\n<p>&#8220;The investigation determined that from February 4, 2026, to February 7, 2026, certain tickets sent to our customer service team were accessed or acquired without authorization.&#8221;<\/p>\n<p>Following an internal investigation, the company determined, on March 3, that hackers had accessed support\u00a0tickets that, in some cases, contained personal information.<\/p>\n<p>The exposed information may include names, contact information, and other unspecified data, likely related to the support request submitted in each case.<\/p>\n<p>The company underlined that no medical records or doctor communications were compromised in this incident.<\/p>\n<p>While the company did not share further details, BleepingComputer learned last month that the ShinyHunters extortion gang conducted the breach.<\/p>\n<p>The data was stolen as part of a widespread campaign in which threat actors <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/shinyhunters-claim-to-be-behind-sso-account-data-theft-attacks\/\" target=\"_blank\" rel=\"nofollow noopener\">compromised Okta SSO accounts<\/a> to gain access to third-party cloud storage services and SaaS platforms to steal data.<\/p>\n<p>In this particular attack, BleepingComputer was told that the threat actors used the Okta SSO account to access the His and Hers Zendesk instance, where they stole millions of support tickets.<\/p>\n<p>The company is now offering 12 months of free credit monitoring services to all impacted individuals.<\/p>\n<p>Customers are also encouraged to maintain heightened vigilance against unsolicited communications that may contain phishing or social-engineering lures. Also, they are advised to review account statements and monitor credit reports for suspicious activity.<\/p>\n<p>BleepingComputer has reached out to the firm to request more information about the incident and how many customers have been impacted, but we have not heard back by publication time.<\/p>\n<p>Two recent high-profile customer support security breaches that led to client data breaches are those of DIY store chain <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/european-dyi-chain-manomano-data-breach-impacts-38-million-customers\/\" target=\"_blank\" rel=\"nofollow noopener\">ManoMano<\/a> in February and <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/crunchyroll-probes-breach-after-hacker-claims-to-steal-68m-users-data\/\" target=\"_blank\" rel=\"nofollow noopener\">Crunchyroll<\/a> in March. In both these cases, the compromised platform was Zendesk.<\/p>\n<div>\n<p><a href=\"https:\/\/hubs.li\/Q048zztN0\" target=\"_blank\" rel=\"noopener sponsored\"><br \/>\n            <img decoding=\"async\" src=\"https:\/\/www.bleepstatic.com\/c\/p\/picus-whitepaper.jpg\" alt=\"tines\"><\/a>\n    <\/p>\n<div>\n<h2><a href=\"https:\/\/hubs.li\/Q048zztN0\" target=\"_blank\" rel=\"noopener sponsored\">Automated Pentesting Covers Only 1 of 6 Surfaces.<\/a><\/h2>\n<p>Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.<\/p>\n<p>This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.<\/p>\n<\/p><\/div>\n<\/div><\/div>\n<p> Bill Toulas <br \/><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hims-and-hers-warns-of-data-breach-after-zendesk-support-ticket-breach\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Telehealth giant Hims &amp; Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. Hims &amp; Hers is an American telehealth company specializing in the direct-to-consumer healthcare space, providing subscription-based treatments for hair loss, ED, mental health, skincare, weight loss, and other conditions or<\/p>\n","protected":false},"author":1,"featured_media":899170,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[252,359],"tags":[6454,5192],"class_list":{"0":"post-899169","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-breach","8":"category-warns","9":"tag-breach","10":"tag-warns"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/899169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=899169"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/899169\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/899170"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=899169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=899169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=899169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}