A data breach at Ultrahuman allowed hackers to access customer wellness information through an internal company tool. Here’s what happened, who was affected, and how you can protect your health data.
Table of Contents
What Happened?
According to TechCrunch, Ultrahuman — an India-based wearable health technology company — disclosed a data breach that occurred on March 27, 2026. The company said hackers gained access to an internal analytics system after stealing an employee’s login credentials from a laptop infected with malware (harmful software that can steal information).
Ultrahuman said it detected the intrusion within hours, took the affected system offline, and revoked access. The company informed affected customers about the incident on June 3.
Ultrahuman is known for its smart rings and health-tracking devices that monitor sleep, activity, recovery, and other wellness metrics.
Who Was Affected and What Data Was Leaked?
Ultrahuman said the breach affected approximately 0.1% of its users.
Based on the company’s previously reported figure of roughly 700,000 monthly active users, that could mean at least 700 customers had their wellness data accessed. The company has not shared the exact number of affected users.
The company said no passwords, payment information, production systems, or customer devices were affected.
However, Ultrahuman has not publicly explained exactly what types of wellness data were accessed. The company also did not confirm whether any customer information was copied or downloaded by the attackers.
Health and wellness information can be sensitive. Even when financial information is not involved, personal details can sometimes be used in phishing emails, impersonation attempts, or other forms of fraud.
Many people focus on major breaches that make national headlines. However, smaller incidents often receive less attention, and affected individuals may never realize their information was involved.
If you are not sure whether your information was leaked somewhere online, checking regularly can help you spot problems earlier.
With Futureproof, you can quickly check whether your email appeared in known data breaches and get simple steps to secure your account.
How Did the Attack Happen?
Ultrahuman said the attackers used credentials stolen from an employee’s laptop.
The laptop had been infected with malware, which is harmful software designed to steal information or provide unauthorized access to systems.
Using the stolen credentials, the attackers accessed an internal analytics tool used by the company. Ultrahuman said the affected system only provided “read-only” access, meaning the attackers could view information but were not supposed to be able to change it.
Futureproof scans your data for leaks and shows exactly how to close security gaps — before scammers find them first.
Check my safetyWhat This Incident Reveals About Modern Health Apps
Many health and wellness devices collect large amounts of personal information. That information is often stored on company servers so users can view their data through mobile apps and online dashboards.
This means a breach affecting a company can sometimes affect users even when their own devices remain secure.
According to the FBI, cybercriminals increasingly target employee accounts because a single compromised login can provide access to valuable company systems. This case shows how one infected device can create risks for hundreds of customers.
At Futureproof, Kevin explains digital safety in simple words, with clear tips and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
