Indian health-tech wearable startup Ultrahuman has confirmed a cybersecurity breach that allowed unauthorized individuals to access the wellness data of a small fraction of its customers. The Bengaluru-headquartered firm, widely known for its smart rings and health-monitoring ecosystems, initiated direct email notifications to affected individuals on Wednesday to disclose the perimeter of the incident. According to corporate statements, the breach was limited to an isolated tracking system and did not compromise any vital infrastructure or core user authentication records.
Compromised Employee Device Serves as Attack Vector
Company officials disclosed that hackers successfully penetrated an internal analytics database by exploiting login credentials stolen from an infected employee laptop. Ultrahuman clarified that the breach, which occurred on March 27, impacted the wellness data of approximately 0.1 percent of its total user base. Given the firm’s previously reported monthly active user threshold of roughly 700,000 individuals, independent calculations indicate that at least 700 customers had their information exposed during the digital intrusion.
The startup stated that its technical monitoring units detected the unauthorized entry within hours of the initial exploit. System administrators responded by immediately taking the targeted analytics database offline and revoking all compromised access tokens to block further exposure. The firm has not shared technical details regarding what specific parameters were included in the accessed wellness data, and it declined to specify whether the intruders successfully copied or downloaded any consumer records.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
Core Ring Devices and Production Infrastructure Secure
In an effort to reassure consumers, Ultrahuman emphasized that the threat actors only managed to obtain read-only access to the single affected analytics system. The startup confirmed that no account passwords, payment information, primary production systems, or standalone Ultrahuman Ring devices were compromised or accessed at any point during the operation.
“Our security alerting systems detected the incident within hours, and we closed the vulnerability swiftly,” Ultrahuman CEO Mohit Kumar said in a statement. Kumar further explained that the company intentionally delayed notifying its broader user base until it completed an exhaustive forensic audit to understand the full structural impact of the breach and systematically identify what customer variables may have been affected.
Health Startup Regulates Data Logs Amid Global Expansion
Founded in 2019, Ultrahuman has grown rapidly in the consumer health-tech space, developing specialized devices that help users monitor sleep quality, daily physical activity, physiological recovery, and other health-related metrics. The firm recently expanded its product portfolio with the launch of the Ring Pro, while its established Ring Air device continues to compete globally with prominent sector alternatives like the Oura Ring.
Corporate management added that the firm is currently informing relevant regulatory authorities about the timeline and nature of the incident. While an internal investigation into the breach remains ongoing, tech analysts note that the event highlights growing privacy and data usage concerns for health-tech enterprises handling sensitive biometrics.
