Ultrahuman Reports Data Breach Affecting Customer Wellness Data
Original: Ultrahuman says hackers accessed customers’ wellness data via internal tool
Why This Matters
Highlights security vulnerabilities in health-tech startups handling sensitive user data
Health-tech startup Ultrahuman disclosed hackers accessed customer wellness data on March 27 through stolen employee credentials via malware. The breach affected approximately 0.1% of users, roughly 700 customers based on company's 700,000 monthly active user base.
India-based wearable health startup Ultrahuman informed customers via email that hackers gained unauthorized access to wellness data through an internal analytics system. The breach occurred when attackers used credentials stolen from an employee's malware-infected laptop. Ultrahuman, known for its Ring Air device competing with Oura Ring, detected the intrusion within hours and took affected systems offline. CEO Mohit Kumar stated no passwords, payment information, production systems, or Ring devices were compromised. The company said attackers gained read-only access but declined to confirm if data was exfiltrated. Ultrahuman has raised $103 million from investors including Nexus Venture Partners and Steadview Capital.