
Telehealth Firm Hims & Hers Exposes Millions of Support Tickets in Zendesk Breach via Compromised Okta Accounts

In February 2026, threat actors leveraged stolen Okta SSO credentials to infiltrate Hims & Hers’ Zendesk support platform, exfiltrating millions of tickets that contained personal identifiers. The breach underscores the supply‑chain risk of third‑party SaaS services and the need for stringent identity‑management controls in TPRM programs.

🛡️ LiveThreat™ Intelligence · 📅 April 03, 2026 · 📰 bleepingcomputer.com

Severity: High · Type: Breach · Confidence: High · Affected: 3 sector(s) · Actions: 4 recommended · Source: bleepingcomputer.com

What Happened – In early February 2026, threat actors who had compromised Okta SSO credentials accessed Hims & Hers’ Zendesk support‑ticket system and exfiltrated millions of tickets containing personal identifiers. The breach was disclosed in early April 2026 after the company’s internal investigation confirmed unauthorized access from Feb 4‑7.

Why It Matters for TPRM

  • Third‑party SaaS platforms can become a conduit for large‑scale data exposure when identity providers are breached.
  • Personal health‑related data, even if not clinical records, heightens regulatory and reputational risk for downstream partners.
  • Ongoing reliance on a single support‑ticket vendor without layered controls increases the supply‑chain attack surface.

Who Is Affected – Telehealth and digital‑pharmacy customers (U.S. consumers), primarily in the HEALTH_LIFE sector; the incident also implicates the SaaS vendor Zendesk and the identity provider Okta.

Recommended Actions

  • Review contracts and security clauses with Zendesk and any other SaaS ticketing or support platforms.
  • Verify that your organization enforces MFA, conditional access, and least‑privilege for all third‑party SSO integrations.
  • Conduct a data‑mapping exercise to identify any personal data stored in support tickets and assess exposure.
  • Require affected vendors to provide evidence of post‑incident remediation and continuous monitoring.

Technical Notes – Attack vector: stolen Okta credentials (SSO) → unauthorized access to Zendesk → mass download of support tickets. Exfiltrated data includes names, email addresses, phone numbers, and other request‑specific details; no clinical records were reported. Source: BleepingComputer
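
For the data‑mapping action above, the following added example (not taken from the original reporting or from any vendor's tooling) scans a ticket export for the identifier types named in the Technical Notes and summarises exposure. It is narrowed to email addresses and US‑style phone numbers; the ticket field layout and the sample tickets are constructed assumptions, not a Zendesk export schema.

```python
import re

# Constructed sample tickets; the field layout is an assumption, not a vendor export schema.
SAMPLE_TICKETS = [
    {"id": 101, "subject": "Refill question",
     "description": "Hi, this is Jane. Reach me at jane.doe@example.com or (555) 010-1234.",
     "comments": ["Agent: confirmed callback number 555-010-1234."]},
    {"id": 102, "subject": "Shipping delay",
     "description": "Order has not arrived yet.", "comments": []},
    {"id": 103, "subject": "Update email",
     "description": "Please change my login to j.smith@example.org",
     "comments": ["Customer: old address was jsmith@example.net"]},
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# US-style phone numbers with optional country code and common separators.
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")

def normalize_phone(raw):
    # Keep the last 10 digits so formatting variants of one number collapse.
    digits = re.sub(r"\D", "", raw)
    return digits[-10:]

def scan_ticket(ticket):
    """Return {'email': set, 'phone': set} of distinct identifiers in one ticket."""
    text_fields = [ticket.get("subject", ""), ticket.get("description", "")]
    text_fields += ticket.get("comments", [])
    found = {"email": set(), "phone": set()}
    for text in text_fields:
        found["email"].update(m.lower() for m in EMAIL_RE.findall(text))
        found["phone"].update(normalize_phone(m) for m in PHONE_RE.findall(text))
    return found

def map_exposure(tickets):
    """Summarise which tickets hold identifiers and how many distinct values exist."""
    per_ticket, distinct = {}, {"email": set(), "phone": set()}
    for t in tickets:
        hits = scan_ticket(t)
        kinds = sorted(k for k, v in hits.items() if v)
        if kinds:
            per_ticket[t["id"]] = kinds
        for k in distinct:
            distinct[k] |= hits[k]
    return {"tickets_with_pii": per_ticket,
            "distinct_counts": {k: len(v) for k, v in distinct.items()},
            "exposed_ratio": len(per_ticket) / len(tickets) if tickets else 0.0}

if __name__ == "__main__":
    print(map_exposure(SAMPLE_TICKETS))
```

Free‑text comments are scanned as well as the description, because identifiers that agents or customers paste into replies are part of the same exposure.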

📰 Original Source
https://www.bleepingcomputer.com/news/security/hims-and-hers-warns-of-data-breach-after-zendesk-support-ticket-breach/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
