Mohit Kumar, founder and CEO of Ultrahuman, informed users via email that there has been a security breach in Ultrahuman’s systems.
The breach included customer contact and account details, but no passwords, payment information or credit card numbers. Ultrahuman says the information affected is contact and account details, order and transaction history, and some fitness-related data.
On March 27, an unauthorized third party gained access to an internal system used by Ultrahuman for analytics. The company identified the incident and removed the affected systems. Due to its design, the affected system did not allow modification or deletion of data.
Ultrahuman says it has found no evidence of misuse of improperly obtained user information. Users can send questions Security-2026@ultrahuman.comMore information here.
Here is the full email.
hello,
I’m Mohit, Founder and CEO of Ultrahuman. On March 27, 2026, we had a security incident, but the most important facts first: no passwords, card details, or payment data were involved, and we have found no evidence of misuse.
Here’s a full description of what happened, the information involved, and the steps we took in response.
What happened
On March 27, 2026, an unauthorized third-party gained read-only access to an internal system used for internal analysis. The scope of access was constrained by the design of the system, which did not allow modification or deletion of data. We immediately identified the incident, took the affected systems offline, and revoked all access.
What information was and was not included
For your account, the affected datasets included your contact and account details, your order and transaction history, and certain fitness-related data associated with your product use and purchases.
No passwords, payment or credit card information was accessible or affected by this incident. Your Ultrahuman Ring continues to function normally and record accurate health information.
Steps we have taken
After identifying the incident, we immediately took the affected systems offline and revoked all access. We have since implemented the following corrective measures:
- Access control policies in internal systems were strengthened, including least-privilege access reviews.
- Rigorous endpoint security on all employee devices, with strict configuration controls and continuous monitoring.
- Increased frequency of periodic access audits of internal tooling.
- Deployed export-quantity discrepancy detection and alerts on internal systems.
We have also actively monitored public and other internet channels for any evidence of publication or misuse of the information received. To date, we have not identified any such publications or misuse.
what should you do
As a precaution, and as is standard practice after any incident, remain alert to phishing attempts. If you receive an unexpected email, SMS, or telephone call referencing Ultrahuman, your order, or your personal data, please treat it with caution, especially where it states urgency or requests that you click on a link.
Ultrahuman will not ask you to confirm your password, payment details or any other personal information by email or SMS.
contact us
For queries, write to Security-2026@ultra human.com with the subject line “Security Incident”. Our team is standing.
More information at ultrahuman.com/legal/notice-march-2026.
We take this incident seriously. The measures we have put in place are designed to prevent a recurrence, and we are committed to earning your trust every day.
