Ultrahuman, the Indian startup that sells smart rings for health tracking, admitted that hackers accessed the health data of part of its users - through an internal tool, not through the devices themselves.

The breach happened on 27 March 2026 and affected an internal analytics system. The hackers obtained access credentials from the laptop of an employee infected with malicious software, then gained read access to around 0.1 percent of user data. With 700,000 active users a month, that means at least 700 people.

The company makes rings like the Ring Air and Ring Pro that measure sleep, activity and recovery - a direct competitor to the popular Oura. That is exactly why the question that dodges an answer hurts the most: what exactly does „health data" mean? Ultrahuman refused to specify what information was exposed. And when a company that lives off your sleep, pulse and metabolism says „health data was accessed" without details, the silence says more than the statement.

CEO Mohit Kumar tried to calm the situation: „Our security alert systems detected the incident within a few hours, and we quickly closed the vulnerability." The company stresses that no passwords, payment data, production systems or the devices themselves were compromised.

Still, the lesson is older than any smart ring. The more sensors we wear on our bodies, the more of us lives on someone's server - and a single infected laptop is enough for it to leak. The question is not whether the next breach will happen, but whose data will be in it.