• Home
  • cyber
  • Under Armour: 72.7M Under Armour accounts hit in alleged ransomware leak
cyber Ransomware

Under Armour: 72.7M Under Armour accounts hit in alleged ransomware leak

Jun 16, 2020 2 min read
Under Armour: 72.7M Under Armour accounts hit in alleged ransomware leak

Under Armour Hit by Alleged Ransomware Attack Affecting 72.7 Million Accounts

In November, athletic apparel giant Under Armour fell victim to an alleged ransomware attack by the Everest group, exposing the personal data of 72.7 million accounts. The breach was confirmed by data breach platform Have I Been Pwned (HIBP), which obtained leaked files posted by Everest on a cybercrime forum on January 18.

The compromised data includes names, email addresses, dates of birth, genders, geographic locations, and purchase histories. Everest also claims the leak contains phone numbers, physical addresses, loyalty program details, and preferred store information. Under Armour has not publicly acknowledged the breach and has not responded to media inquiries.

The ransomware group first listed Under Armour on its leak site in November, threatening to release stolen data unless a ransom was paid within seven days. Shortly after, a class-action lawsuit was filed against the company on behalf of affected customers.

Everest, active since 2020, has targeted high-profile organizations, including Collins Aerospace, Sweden’s power grid, and the Brazilian government. Recently, Asus confirmed a separate breach linked to Everest via a compromised supplier. Despite its long history and notable attacks, the group operates with less visibility than other major ransomware operations.

Everest generates revenue through three streams: double extortion ransomware, selling network access, and an insider recruitment program, allowing it to operate with reduced scrutiny.

Source: https://www.theregister.com/2026/01/21/under_armour_everest/

Under Armour cybersecurity rating report: https://www.rankiteo.com/company/under-armour

"id": "UND1769016185",
"linkid": "under-armour",
"type": "Ransomware",
"date": "6/2020",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '72.7 million',
                        'industry': 'Athletic Apparel/Retail',
                        'location': 'Global (Headquartered in the U.S.)',
                        'name': 'Under Armour',
                        'size': 'Large',
                        'type': 'Corporation'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '72.7 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (Personally Identifiable '
                                        'Information)',
                 'type_of_data_compromised': ['Names',
                                              'Email addresses',
                                              'Dates of birth',
                                              'Genders',
                                              'Geographic locations',
                                              'Purchase histories',
                                              'Phone numbers',
                                              'Physical addresses',
                                              'Loyalty program details',
                                              'Preferred store information']},
 'date_detected': '2023-11',
 'date_publicly_disclosed': '2024-01-18',
 'description': 'Athletic apparel giant Under Armour fell victim to an alleged '
                'ransomware attack by the Everest group, exposing the personal '
                'data of 72.7 million accounts. The breach was confirmed by '
                'data breach platform *Have I Been Pwned (HIBP)*, which '
                'obtained leaked files posted by Everest on a cybercrime forum '
                'on January 18. The compromised data includes names, email '
                'addresses, dates of birth, genders, geographic locations, and '
                'purchase histories. Everest also claims the leak contains '
                'phone numbers, physical addresses, loyalty program details, '
                'and preferred store information. Under Armour has not '
                'publicly acknowledged the breach and has not responded to '
                'media inquiries.',
 'impact': {'brand_reputation_impact': 'Class-action lawsuit filed',
            'data_compromised': '72.7 million accounts',
            'identity_theft_risk': 'High (PII exposed)',
            'legal_liabilities': 'Class-action lawsuit'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (ransom, data sales, insider recruitment)',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Everest'},
 'references': [{'date_accessed': '2024-01-18',
                 'source': 'Have I Been Pwned (HIBP)'},
                {'date_accessed': '2024-01-18',
                 'source': 'Cybercrime forum (Everest leak)'}],
 'regulatory_compliance': {'legal_actions': 'Class-action lawsuit'},
 'response': {'communication_strategy': 'No public acknowledgment'},
 'threat_actor': 'Everest',
 'title': 'Under Armour Hit by Alleged Ransomware Attack Affecting 72.7 '
          'Million Accounts',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.