Wearable ring manufacturer Ultrahuman has disclosed a data breach that allowed unauthorized access to customer wellness information through an internal company tool.

The security incident originated when malware infected an employee's laptop, enabling attackers to steal login credentials that provided access to internal systems. The compromised credentials were subsequently used to gain unauthorized entry to customer data.

Ultrahuman, which produces fitness tracking rings that monitor health metrics, confirmed that hackers were able to access wellness data belonging to customers through the breach. The company has not specified the exact types of health information that may have been compromised or the number of affected users.

The incident highlights ongoing cybersecurity challenges facing wearable technology companies, which collect sensitive personal health data from users. Employee devices remain a common attack vector for cybercriminals seeking to infiltrate corporate networks and access customer information.

Ultrahuman has not yet provided details about when the breach was discovered, what remediation steps have been taken, or whether customers have been directly notified of the incident.