Ultrahuman has confirmed a data breach that exposed some customer information, but the company says passwords and payment data were not affected. The disclosure still matters because the exposed material includes contact details, account information, and order and transaction history.
The incident centers on unauthorized access to an internal system used for analytics. In an email sent to customers on Wednesday, founder and CEO Mohit Kumar said the access occurred on March 27 and did not allow the attacker to modify or delete stored data.
What was exposed
The company said the compromised data included customer contact information, account details, and records of orders and transactions. That combination is especially sensitive for a health-device brand, where personal and usage-related data can reveal more than a basic account profile.
Ultrahuman also said the breach did not involve passwords or payment information. Even so, the exposure of transaction history and account details can still create privacy risks and open the door to misuse if the data is circulated further.
What Ultrahuman says it has done
After detecting the incident, Ultrahuman said it revoked access to the affected system and shut it down. The company also said it strengthened and restricted internal access, improved security on employee devices, and increased the frequency of access audits.
Additional warning systems are also being upgraded to help detect suspicious activity more quickly in the future. For customers seeking more detail, Ultrahuman has prepared a dedicated FAQ and directed concerns to security-2026@ultrahuman.com.
Scale remains unclear
Ultrahuman has not disclosed how many customers were affected. Associated Press said it requested additional information about the scale of the breach and will update its report if a response is received.
The company added that it has been monitoring public channels and other internet sources for signs that the compromised data has spread. So far, it says it has not found evidence that the information has appeared in public.
A sensitive moment for the business
The breach comes as Ultrahuman is active again in the U.S. market after re-entering in March with the Ultrahuman Ring Pro. The company had previously exited the U.S. in 2025 after a patent infringement lawsuit filed and won by Oura.
Ultrahuman also sells other health products, including Home, which is positioned as a sleep monitor. In the U.S., the company is said to have around 700,000 daily active users, making any security issue a significant reputational concern as attention shifts to how customer data is handled.
