Ultrahuman's founder and CEO, Mohit Kumar, has alerted users via email regarding a security breach affecting Ultrahuman's system.
The breach involves customer contact and account details, although passwords, payment information, and credit card numbers remain secure. The compromised information includes contact and account details, order and transaction histories, and some fitness-related data.
On March 27, an unauthorized third party accessed an internal analytics system used by Ultrahuman. The company promptly detected the breach and took the affected system offline. The system's architecture prevented any data modification or deletion.
Ultrahuman has reported no evidence of misuse of the compromised information. Users may direct questions to security-2026@ultrahuman.com, and additional details are available online.
Here is the complete email communication:
Hi there,
I'm Mohit, founder & CEO of Ultrahuman. On March 27, 2026, we experienced a security incident. To clarify: no passwords, credit card details, or payment data were involved, and we have no evidence of misuse.
WHAT HAPPENED
On March 27, 2026, an unauthorized third party gained read-only access to an internal analytics system. The system's design limited the scope of access, preventing any modification or deletion of data. We quickly identified the breach, took the affected system offline, and revoked all access.
WHAT INFORMATION WAS AND WAS NOT INVOLVED
The dataset affected included your contact and account details, order and transaction history, and some fitness-related information linked to your product usage and purchases.
Importantly, no passwords, payment, or credit card information were accessed or impacted by this incident. Your Ultrahuman Ring continues to function normally, accurately recording wellness information.
STEPS WE HAVE TAKEN
Upon identifying the incident, we promptly took the affected system offline and revoked all access. We have implemented the following remediation measures:
- Enhanced access control policies across internal systems, including least-privilege access reviews.
- Strengthened endpoint security on all employee devices with stricter configurations and continuous monitoring.
- Increased the frequency of periodic access audits across internal tools.
- Introduced export-volume anomaly detection and alerting on internal systems.
We are also actively monitoring public and online channels for any signs of misuse or publication of the accessed information. To date, we have not detected any such instances.
WHAT YOU SHOULD DO
As a precaution, please remain vigilant against phishing attempts. If you receive any unexpected emails, SMS messages, or calls regarding Ultrahuman, your orders, or personal data, exercise caution—particularly if they create a sense of urgency or request you to click a link.
Ultrahuman will never ask you to confirm your password, payment details, or any other personal information via email or SMS.
CONTACT US
For inquiries, please email security-2026@ultrahuman.com with the subject line "Security Incident." Our team is ready to assist you.
More information can be found at ultrahuman.com/legal/notice-march-2026.
We take this incident seriously, and the measures implemented are designed to prevent future occurrences. We are committed to earning your trust every day.
Via mail.
