I'm sorry to report that I'm one of the victims in the Ultrahuman data breach, which includes wellness data. Yesterday, certain Ultrahuman users got an email from Mohit Kumar, the company's founder and CEO, alerting them of a “security incident” that occurred on 27 March 2026.
Kumar said: “The most important facts first: no passwords, card details, or payment data were involved, and we have found no evidence of misuse.” As a health and fitness editor, I'm constantly testing the latest wearables, and it turns out I've been compromised and, according to Ultrahuman, my data is now at risk.
The company, best known for its smart rings, reportedly has up to 700,000 users globally. The breach targeted an internal analytics system, rather than Ultrahuman’s core user database, so it’s thought that only around 1,000 users are affected. Let’s look at what’s been taken and the steps Ultrahuman has taken to reassure users like me.
What have the hackers stolen?
According to the email that landed in my inbox last night, the “affected dataset” contained just one single piece of personal information: my email address. In the grand scheme of things, that's not too bad.
A statement on the Ultrahuman website confirms that for other users, this won’t be the only data accessed by hackers.
“The information visible to the unauthorised individual varied by account. The dataset that was accessed contained, depending on the user, contact and account details, order and transaction history, and for a smaller group of users, some fitness related data associated with their product usage and purchases.”
Kumar goes on to write: “No passwords, payment or credit card information, account details, transaction history or wellness data were accessible or affected by this incident. Your Ultrahuman Ring continues to operate normally and to record accurate wellness information.”
What has Ultrahuman advised?
The email goes on to advise me to “be alert to phishing attempts. If you receive any unexpected email, SMS, or telephone call referencing Ultrahuman, your orders, or your personal data, please treat it with caution, particularly where it conveys urgency or requests that you click a link.”
In a week that’s seen Oura launch the Oura Ring 5, and reports building about a new Samsung Galaxy Ring, what this data breach will do to Ultrahuman’s reputation remains to be seen.
I reached out to Ultrahuman, and they responded with the following statement:
"On March 27 2026, the wellness data of 0.1% of users was accessed via unauthorized access to an internal tool. No passwords or payment data were accessed, and the Ultrahuman Ring and production system weren’t compromised.
"We’ve taken our time to properly comply with the process of informing regulators and auditing the full scope of what was and wasn't affected. We wanted to inform users precisely what data was involved rather than guessing, and have taken steps to ensure this never happens again."
Have you had your personal details stolen through a data breach? Let me know what happened in the comments below.
More from Tom's Guide
- I've been using the Fitbit Air for over a week, and my favorite feature has completely changed the way I wake up
- The Fitbit Air is basically just a screen-less Fitbit Inspire 3 — and that’s a very good thing
- Forget the Whoop 5.0 — The new Fitbit Air is a screen-less, subscription-free fitness tracker for the masses
