Ultrahuman, the wearable tech company known for its smart rings competing directly with Oura, has disclosed a data breach that exposed customer information earlier this year. In an email sent to users on June 4, founder and CEO Mohit Kumar revealed that on March 27 an unauthorized party accessed an internal analytics system containing contact details, account information, and order and transaction histories.
Notably absent from the compromised data were passwords and payment information, and the company emphasized that the accessed records remained unaltered since the system did not allow modification or deletion. Ultrahuman quickly revoked access to the affected system and took it offline. In the weeks since, the company reports monitoring public channels and the broader internet for any signs of the leaked data surfacing, with none detected so far.
This incident arrives at a sensitive moment for Ultrahuman. The company only recently re-entered the US market in March with the Ring Pro, following a patent-infringement lawsuit from rival Oura that had forced it out in 2025. With roughly 700,000 daily active users in the United States, the breach touches a significant customer base invested in personal health tracking. Products like the Ring Pro and the Home sleep monitor collect intimate biometric data, making any security lapse particularly concerning in an industry where trust underpins long-term user engagement.
Kumar outlined several remedial steps, including tighter controls on internal system access, enhanced security for employee devices, more frequent audits, and improved alerting mechanisms. The company has also published a FAQ and provided a dedicated email—security-2026@ultrahuman.com—for concerned customers. While such transparency is welcome, the breach underscores persistent vulnerabilities in the fast-growing wearables sector. Health devices promise insights into sleep, activity, and recovery, yet they often handle sensitive personal details with uneven safeguards. Past incidents across the tech industry have shown how even limited data exposures can fuel phishing attempts or identity risks, especially when combined with publicly available information.
From a broader perspective, this event highlights the challenges smaller players face against established competitors. Ultrahuman’s return to the market positioned it as an aggressive alternative in the smart ring space, but security missteps risk eroding consumer confidence at a time when users are increasingly wary of sharing health metrics with corporations. The absence of payment data and passwords limits immediate harm, yet the exposure of transaction histories and contact details still carries potential for targeted scams or unwanted attention.
As wearables edge closer to mainstream medical relevance, incidents like this serve as sober reminders that robust cybersecurity must match the sophistication of the hardware. Ultrahuman’s response appears measured, but the real test will be whether these preventive measures hold and whether users continue to trust the brand with their data moving forward. For those affected, reviewing account activity and remaining vigilant against follow-on threats remains sound advice in an ecosystem where personal information has become a valuable, and vulnerable, commodity.
