Polar assures that your health data remains secure after the recent cybersecurity attack.

Polar, known for its top-tier heart rate monitors and running watches, faced a cybersecurity attack this week. On October 11, the company announced on its website’s “updates” section that it had experienced “various levels of disruption,” leading to the temporary shutdown of its login and signup pages.

If you’re a Polar user, you may be concerned about the security of your sensitive health data. However, in an interview, Polar reassured customers that their data “has not been compromised.”

According to a statement on its website, Polar noted, “The online store in the United States has experienced various disruptions, which may have affected individual users’ order information. Preliminary information suggests that only a limited number of customers’ account details were accessed.”

Polar added, “The data breach has impacted only a small number of customers in Polar’s US online store. It does not involve any other customer data stored by Polar. We want to stress that Polar Flow users’ data remained secure during this incident.”

Polar stresses that users don’t need to take any action right now. However, if you wish to make a purchase on the Polar website, you will need to use a guest account.

While Polar indicates that only order information, rather than personal health data, was compromised in this instance, Polar Flow remains an attractive target. Health data is highly valuable to hackers, advertisers, and even certain governments due to its deeply personal nature—imagine the implications of sharing your medical records and GPS location with criminals who could then sell that information to intrusive advertisers or identity thieves.

Polar faced a data leak scandal in 2018 due to weaknesses in user privacy settings, but security measures have improved. Similarly, Garmin dealt with its cybersecurity issues when the Russian hacking group Evil Corp attacked in 2020, causing its services to be offline for over three days.

Here’s how you can protect your data

In today’s world, it’s difficult not to place our trust in online services. As a Senior Fitness and Wearables Editor, I regularly test the latest data-collecting health gadgets, meaning my information is likely spread across numerous databases. So how can you protect yourself?

If you still benefit from services like Strava or Fitbit Premium, you’ll need to keep sharing your health data. If privacy is a concern, check the privacy policies of your fitness trackers; they should specify whether your data is shared with third parties. If you’ve left data on a service you no longer use and want to reduce the risk of a data breach, you can request that the company delete your information.

In the US, your right to delete data varies by state. According to the personal information removal service DeleteMe, only 12 states have comprehensive privacy laws. In the UK, the process is clearer: you can withdraw consent for the use of your data by following the guidelines from the Information Commissioner’s Office. Australians may find it challenging to have their data removed, although there have been discussions about establishing a “right to be forgotten” in Australian law.