Cyber Incident Victim: Ultrahuman
Date:
Mar 2026
Location:
India
Summary
Ultrahuman reported that hackers accessed customer wellness data after stealing an employee’s credentials via malware and gaining read-only entry to an internal analytics system. The company said the intrusion was detected within hours, the affected system was taken offline, and all access was revoked, while noting that passwords, payment information, and device hardware were not compromised. Based on its user base of roughly seven hundred thousand, the breach impacted about zero point one percent of users, equating to approximately seven hundred individuals whose health data may have been viewed. The company delayed user notification to fully investigate the scope and determine what data was accessed, and it has not confirmed whether any data was exfiltrated.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 27, 2026, malware infected an employee's laptop at Ultrahuman, allowing attackers to steal login credentials. Using those credentials, the attackers gained unauthorized access to an internal analytics system used by the company. The intrusion was detected by Ultrahuman's security alerting systems within hours of the breach. Upon detection, the company took the affected system offline and revoked all access associated with the compromised credentials. The vulnerability that enabled the breach was promptly patched after the system was isolated.
The accessed system contained wellness data that includes health metrics such as sleep, activity, and recovery tracked by Ultrahuman's smart rings and metabolic health devices. Ultrahuman reported that approximately 0.1% of its nearly 700,000 active users had their wellness data accessed in the incident. This equates to roughly seven hundred customers whose personal health data may have been compromised. The company explicitly stated that passwords, payment information, production systems, and the Ultrahuman Ring devices themselves were not compromised in the breach. Ultrahuman's CEO Mohit Kumar confirmed that the attackers obtained read‑only access to the affected system, though the company declined to confirm whether any data was exfiltrated.
Because the full scope of the data accessed needed to be determined, Ultrahuman delayed notifying affected users while it conducted an internal audit. On June 3, 2026, the company emailed affected customers to inform them that the breach had occurred on March 27 and involved the internal analytics tool. In the same communication, Ultrahuman said it had notified relevant regulators about the incident. The company published an FAQ on its website stating that the threat actor obtained read‑only access to the compromised system. Ultrahuman declined to share any details about possible communication from the hackers and did not define exactly what constitutes wellness data in its public statements.
Founded in 2019, Ultrahuman is an India‑based wearable technology startup that sells smart rings such as the Ring Air and Ring Pro, along with metabolic health‑tracking devices. The company has raised approximately $103 million in funding from investors including Nexus Venture Partners, Steadview Capital, and Blume Ventures. Ultrahuman's Ring Air competes with products like the Oura Ring, and the Ring Pro was introduced with upgraded sensors and battery life. The incident has contributed to ongoing discussions about how health‑tracking startups store user data on servers that can be accessed by employees, governments, and malicious actors.