Telehealth company Hims & Hers Health suffered a data breach via its third-party customer support platform, exposing sensitive personal health information (PHI) including names, email addresses, and medical details from customer support tickets. The ShinyHunters group claimed responsibility for the attack, though these claims were unverified.
Initial Access
Support Platform Breach
confirmed
Threat actors gained unauthorized access to Hims' third-party customer support platform, maintaining access from February 4 to February 7, 2026.
Defender cut points
Implement robust third-party vendor risk management, including regular security audits and strict access controls for integrated platforms.Enforce least privilege access for third-party applications to sensitive data.
