Wearable healthtech startup Ultrahuman disclosed a cybersecurity breach that exposed wellness data of 0.1% of its users on March 27, 2026. The company informed affected users on June 2, more than two months after the incident. Ultrahuman said hackers accessed contact details, transaction history, and some fitness-related data but did not compromise passwords or payment information, according to medianama.com.
The breach occurred when hackers stole login credentials from an employee’s malware-infected laptop, gaining access to Ultrahuman’s internal analytics system. The company promptly identified the incident, took the affected system offline, and revoked all access. Ultrahuman CEO Mohit Kumar confirmed the scope was limited to read-only access and no data modification or deletion took place, as reported by medianama.com.
Ultrahuman, which has around 700,000 monthly active users, faced a breach affecting at least 700 users. The incident highlights risks in healthtech data security, where sensitive wellness and transaction data are involved. The company’s swift containment contrasts with the delayed notification to users, raising questions about breach disclosure timelines in the sector, per medianama.com.
Ultrahuman has not disclosed the exact number of affected users but confirmed no passwords or credit card details were compromised. The company’s statement on June 2 marked the first public acknowledgment of the breach, underscoring ongoing challenges in securing health-related digital platforms.