Under Armour is investigating a potential data breach after 72 million customer records were allegedly leaked online, raising concerns about ransomware, phishing risks, and data security.

Continue reading
Under Armour is publicly investigating claims of a major data breach after a cybercriminal posted approximately 72 million customer records on underground forums. The incident, first flagged in late January 2026, follows earlier reports of a ransomware claim tied to an intrusion in November 2025. At this stage, the company confirms it is aware of the allegations and working with external cybersecurity experts to determine the scope and impact of the potential compromise.
In January 2026, a dataset purportedly containing millions of Under Armour customer records began circulating on hacker forums. A cybercriminal seller provided samples of the data to journalists, and the breach was independently corroborated by breach notification service Have I Been Pwned (HIBP), which issued alerts to affected users.
Third-party breach tracking sources indicate the dataset likely stems from a November 2025 intrusion. The ransomware group known as Everest claimed responsibility at the time and posted details on its dark-web leak site, asserting possession of 343 GB of exfiltrated data.
According to available sources and independent analysis:
Some reports suggest the leaked dataset may also include:
These additional fields have not been independently verified.
Under Armour has acknowledged the investigation and stated:
Importantly, Under Armour has not issued a detailed public breach notification that meets regulatory standards in major markets.
From a threat analysis perspective:
Even without passwords or financial credentials, the combination of personal identifiers (email, birthdate, purchase history, geography) increases the risk of targeted phishing, social engineering, and identity fraud. Contextual metadata like past purchases or location can make malicious emails appear legitimate.
Attackers often correlate breached data with other leaks to mount credential stuffing attacks on unrelated platforms. These tactics rely on reused passwords or predictable personal information patterns.
A proposed class action lawsuit has been filed alleging negligent data protection and delayed notification practices, which could expose Under Armour to legal and regulatory consequences, especially under privacy regimes like GDPR or state-level data protection laws.
For individuals potentially impacted by this breach:
Check trusted breach databases (e.g., Have I Been Pwned) to confirm if your email is present.
Be cautious of unsolicited communications referencing Under Armour or related account activity.
Even if passwords weren’t part of this leak, update passwords for related accounts and enable strong two-factor authentication (2FA).
Monitor bank and credit activity for unusual behavior; consider fraud alert services where available.
This incident adds to a broader trend of high-profile breaches in 2025–2026 that have affected millions of users across retail, finance, and tech sectors. Companies like TransUnion, Coupang, and others have disclosed significant data incidents, underscoring persistent threats from ransomware and other intrusion methods.

Millions of driver's license records were exposed in a massive data breach, raising identity theft risks and highlighting critical data security failures.