Ring next to padlock
Image source: Gadgets & Wearables

Ultrahuman says user data was accessed in security incident

Marko Maslakovic 2 min read

Ultrahuman users are now being notified about a March 2026 security incident involving an internal analytics system and some user data. The email, which landed in our inbox today, says passwords, card details and payment information were not involved.

The notice comes from Mohit Kumar, Ultrahuman’s founder and CEO, and explains what happened on 27 March 2026. According to the company, an unauthorised third party gained read-only access to an internal system used for analytics. The access did not allow anyone to modify or delete data, and the affected system was taken offline once the incident was identified.

The timing is probably the bit that will make some users pause. Ultrahuman says the incident happened more than two months ago. But emails are only going out now in June. To be fair, security investigations can take time. Still, the gap is worth mentioning.

What Ultrahuman says was accessed

For affected users, Ultrahuman says the dataset contained contact and account details, order and transaction history and some fitness-related data associated with product usage and purchases. That is a fairly broad mix.

The reassuring part is that Ultrahuman says passwords, payment details and credit card information were not accessible. The company also says it has found no evidence of misuse or publication of the accessed information so far. That does not make the incident disappear, but it does narrow the immediate risk.

The most practical concern for users is probably phishing. If someone had access to account details and order history, that could make fake emails or messages look more convincing. A generic scam is easy to spot. A message that references a real purchase, product or account detail can be harder to dismiss at a glance.

What users should do now

Ultrahuman says users should stay alert for unexpected emails, texts or phone calls referencing the company, orders or personal data. That is sensible advice, especially if a message asks users to click a link, act urgently or confirm personal information.

The company says it will not ask users to confirm passwords, payment details or other personal information by email or SMS. Users who receive anything suspicious should avoid clicking links in the message and should go directly through Ultrahuman’s official app or website instead.

Ultrahuman also says it has strengthened access controls, hardened employee endpoint security, increased access audits and added anomaly detection for export volumes on internal systems.

Don’t miss the latest from Gadgets & Wearables

Subscribe to our monthly newsletter and check out our YouTube channel.

You can also follow Gadgets & Wearables on Google News and add us as a preferred source in Google Search.

Add as a preferred source on Google

Marko Maslakovic

Marko founded Gadgets & Wearables in 2014, having worked for more than 15 years in the City of London’s financial district. Since then, he has led the company’s charge to become a leading information source on health and fitness gadgets and wearables. He is responsible for most of the reviews on this website.

Marko Maslakovic has 3122 posts and counting. See all posts by Marko Maslakovic

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.