Ultrahuman, a health-tech startup known for its wearable devices, has announced a data breach that compromised the wellness data of some customers. The incident was traced back to malware that infected an employee's laptop, leading to the theft of login credentials.
The breach occurred on March 27, and Ultrahuman promptly informed affected customers via email. The company took immediate action by taking the compromised system offline and revoking access to prevent further unauthorized access.
Founded in 2019, Ultrahuman specializes in smart rings and metabolic health-tracking devices, including its popular Ring Air and the newly launched Ring Pro. These devices help users monitor various health metrics such as sleep, activity, and recovery.
According to Ultrahuman, approximately 0.1% of its user base was affected, which translates to around 700 customers based on their reported 700,000 monthly active users. The company confirmed that no sensitive information, including passwords or payment details, was compromised during the breach.
CEO Mohit Kumar stated that their security systems detected the breach within hours, allowing them to address the vulnerability swiftly. The company has also been in communication with regulators regarding the incident.
While Ultrahuman has not disclosed specific details about the nature of the accessed wellness data or whether any data was exfiltrated, the breach raises concerns about how wellness tracker companies manage and secure user data. The incident underscores the risks associated with storing sensitive health information on servers accessible to employees and external actors.
In response to the breach, Ultrahuman has published an FAQ on its website, noting that the attackers gained only “read-only” access to the system. However, the company has not confirmed if any data was taken out of their systems.
Ultrahuman has secured investments from notable firms like Nexus Venture Partners, Steadview Capital, and Blume Ventures, with total funding reaching approximately $103 million.
