Ultrahuman confirms data breach after hackers gain access to customer wellness data
Follow UsThe breach occurred on March 27 and affected around 0.1 per cent of Ultrahuman's user base, according to the company.
Ultrahuman said passwords, payment details, production systems and wearable devices were not compromised.
The company claims it detected the intrusion within hours, isolated the affected system and has begun notifying regulators and impacted users.
Indian wearable technology company Ultrahuman has confirmed a cybersecurity incident that exposed wellness-related customer data after attackers gained access to an internal system via credentials stolen from an employee’s compromised device.
SurveyThe Bengaluru based startup informed affected users that the breach happened on March 27 and was traced back to malware installed on an employee’s laptop. As per the company, the attackers used the stolen login details to access an internal analytics platform containing customer wellness information.
Ultrahuman said its security systems detected suspicious activity within hours and the affected system was immediately isolated from the network. The company also revoked all access linked to the compromised credentials and launched an internal investigation into the incident.
Also read: Microsoft AI chief says future artificial intelligence should help humans, not replace them
For the unversed, the startup is known for its smart health-tracking devices, including the Ring Air and Ring Pro. It stated the breach affected around 0.1 per cent of its user base. Based on the company’s previously reported active user numbers, the incident may have impacted hundreds of customers. However, the company has not disclosed an exact figure.
The company has also stressed that passwords, payment information, production systems and users’ wearable devices were not compromised. It also mentioned that the attackers only got read-only access to the affected system.
In a statement, Ultrahuman CEO Mohit Kumar said the company responded quickly after detecting the intrusion and moved to close the security gap. He added that regulators are being notified and that customer notifications were sent after the company completed an initial assessment of the incident.
However, Ultrahuman has not revealed the specific type of wellness data that was accessed, nor has it confirmed whether any customer information was downloaded or extracted by the attackers. The company also declined to comment on whether it had received any communication from those responsible for the breach.
