Under Armour Investigates 343GB Data Breach After Ransomware Attack
Under Armour is probing a potential data breach after the Everest ransomware group claimed to have stolen 343GB of corporate data, including customer information. The incident came to light in November 2023, when the hackers alleged they infiltrated the company’s systems and later leaked the data online after Under Armour reportedly ignored their ransom demands.
The exposed data, now circulating in hacker forums, includes 72 million email addresses, along with names, dates of birth, and purchase details, according to HaveIBeenPwned.com, which received a copy of the breach. While Under Armour maintains that its investigation is "ongoing" despite the hackers’ public disclosure two months prior the company has not acknowledged the incident on its website or in financial filings. A spokesperson stated that there is "no evidence" the breach affected UA.com, payment systems, or stored customer passwords.
However, signs suggest the breach is legitimate. A Texas customer, Orvin Ganesh, filed a class-action lawsuit after receiving an alert from Capital One’s CreditWise notifying him that his email was found on the dark web in connection with the breach. Additional lawsuits have been filed by former employees in Maryland, where Under Armour is headquartered.
The stolen data poses risks of identity theft, phishing attacks, and other scams, with multiple users reporting similar alerts from CreditWise. The full scope of the breach and its impact on affected individuals remain under investigation.
Under Armour cybersecurity rating report: https://www.rankiteo.com/company/under-armour
"id": "UND1769138941",
"linkid": "under-armour",
"type": "Ransomware",
"date": "11/2023",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '72 million email addresses '
'exposed',
'industry': 'Apparel, Sportswear',
'location': 'Maryland, USA',
'name': 'Under Armour',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '72 million email addresses',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Personally identifiable information '
'(PII)',
'type_of_data_compromised': ['Email addresses',
'Names',
'Dates of birth',
'Purchase details']},
'date_detected': '2023-11',
'date_publicly_disclosed': '2023-11',
'description': 'Under Armour is investigating a potential data breach after '
'the Everest ransomware group claimed to have stolen 343GB of '
'corporate data, including customer information. The exposed '
'data includes 72 million email addresses, names, dates of '
'birth, and purchase details.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'lawsuits and public disclosure',
'data_compromised': '343GB of corporate data, including 72 million '
'email addresses, names, dates of birth, and '
'purchase details',
'identity_theft_risk': 'High risk of identity theft and phishing '
'attacks',
'legal_liabilities': 'Class-action lawsuits filed by customers and '
'former employees',
'payment_information_risk': 'No evidence of payment information '
'compromise'},
'initial_access_broker': {'data_sold_on_dark_web': 'Data circulating in '
'hacker forums'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain, Data exfiltration',
'ransomware': {'data_exfiltration': 'Yes',
'ransom_paid': 'No (reportedly ignored ransom demands)',
'ransomware_strain': 'Everest'},
'references': [{'source': 'HaveIBeenPwned.com'},
{'source': 'Capital One’s CreditWise'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuits filed'},
'response': {'communication_strategy': 'No public acknowledgment on website '
'or financial filings'},
'threat_actor': 'Everest ransomware group',
'title': 'Under Armour Data Breach After Ransomware Attack',
'type': 'Data Breach, Ransomware'}