Ultrahuman Data Breach: User Contact Details Compromised

Ultrahuman Confirms Data Breach Impacting User Details

Ultrahuman, the smart ring and metabolic health tracking device manufacturer, experienced a cybersecurity incident in March that resulted in unauthorized access to sensitive user contact and account details. The breach, which occurred on March 27, saw an external party gain “read-only” access to the startup’s internal analytics systems, highlighting ongoing data security challenges for tech companies.

Breach Details and Affected Information

The smart ring brand confirmed the breach in an email to affected customers, stating that the unauthorized access was limited to an internal system that did not permit data modification or deletion. Ultrahuman promptly took the compromised system offline and revoked all access. TechCrunch reported that attackers leveraged credentials stolen from an employee’s malware-infected laptop to initiate the breach.

Ultrahuman CEO Mohit Kumar clarified that critical user data, including passwords, payment information, and wellness data, was not compromised. However, hackers did access user contact and account details, along with order and transaction history. The company indicated that about 0.1% of its roughly 700,000 monthly active users, translating to at least 700 individuals, had their wellness data accessed.

Security Enhancements and Regulatory Response

Following the incident, Ultrahuman implemented several remediation measures to bolster its security posture. These include hardening security on employee devices, increasing the frequency of periodic access audits, and deploying anomaly detection systems on internal networks.

The company also stated it has actively monitored public and other internet channels for any evidence of publication or misuse of the accessed information, reporting no such findings to date. Regarding the delay in informing affected users and regulators, CEO Mohit Kumar reportedly explained that the smart ring maker was conducting a thorough audit to ascertain the full scope of the incident.

Company Profile and Market Challenges

Founded in 2019 by Mohit Kumar and Vatsal Singhal, Ultrahuman develops metabolic health tracking devices such as the Ring Air smart ring and the M1 continuous glucose monitoring device. The company has successfully raised over $103 million from investors including Nexus Venture Partners, Steadview Capital, Blume Ventures, and Premji Invest.

Ultrahuman primarily operates in the U.S. market, which contributes the majority of its revenues. The company recently re-entered the U.S. market in March 2026 with its Ring Pro, a redesigned smart ring, after facing a months-long import ban. This ban was imposed by the U.S. International Trade Commission (ITC) due to a patent infringement ruling favoring Finnish competitor Oura, an issue that reportedly cost Ultrahuman up to $50 million in lost sales.

Financially, Ultrahuman achieved profitability in FY25, reporting a net profit of ₹71.5 crore, a significant turnaround from a loss of ₹37.7 crore in the previous fiscal year. Its operating revenue also saw a nearly fivefold increase, reaching ₹564.7 crore in FY25 compared to ₹104.6 crore in FY24.

The cybersecurity breach, while impacting a small percentage of its user base, underscores the critical importance of robust security protocols for companies handling sensitive personal data. Ultrahuman’s swift remediation efforts and return to the U.S. market with a new product indicate its focus on both security and market expansion amidst competitive and regulatory challenges.