Incident Overview

A threat actor going by HexDex claims to be selling sensitive data from Therapeutes.com, a French online platform that has been connecting users with licensed therapists and mental health professionals since 2013. The platform allows people to find, book, and attend therapy sessions either in person or through video calls, meaning the underlying database contains deeply personal information about individuals seeking mental health support.

What makes this breach particularly concerning is the nature of the data involved. This isn't just emails and phone numbers, the listing explicitly mentions therapy appointment records with consultation and reason fields, which would reveal why individuals sought therapy in the first place. The actor provided the following breakdown:

• Patient Records - 71,502 patients with associated personal information.
• Appointment Data - 199,697 appointments total, including 56,225 entries with a "consultation" field and 23,492 entries with a "reason" field describing the purpose of the therapy visit.
• Contact Data - 95,985 unique email addresses and 97,518 unique phone numbers.
• Government Emails - 27 gouv.fr email addresses were identified in the dataset, indicating some French government employees are among those affected.
• Samples - The actor provided proof links and a 500-line sample to demonstrate the data's authenticity.

The actor is accepting offers rather than listing a fixed price, and recommends using escrow for secured transactions. Given that this involves healthcare data protected under the EU's GDPR and potentially France's additional health data regulations, the exposure of therapy reasons and consultation details represents a severe privacy risk for affected individuals.