Under Armour Investigates 72M Customer Records Leaked After Ransomware Attack
Under Armour is probing a data breach after 72 million customer records surfaced online, linked to a November 2025 ransomware attack by the Everest gang. The stolen data posted on a hacking forum in January 2026 includes email addresses, names, dates of birth, genders, geographic locations, and purchase histories, according to reports from TechCrunch and Have I Been Pwned.
The Everest ransomware group initially claimed to have exfiltrated 343GB of data in November, demanding a ransom. When Under Armour reportedly refused to pay, the threat actors released the compromised records. A sample shared with TechCrunch confirmed the exposure of customer purchase details and employee email addresses.
Under Armour stated that payment systems and passwords remained unaffected, asserting that only a "very small percentage" of customers had sensitive data exposed. However, the company contradicted earlier claims that tens of millions of records were compromised. The investigation is ongoing, with external cybersecurity experts assisting in the response.
Under Armour cybersecurity rating report: https://www.rankiteo.com/company/under-armour
"id": "UND1769160679",
"linkid": "under-armour",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '72 million',
'industry': 'Apparel, Fitness',
'name': 'Under Armour',
'type': 'Company'}],
'attack_vector': 'Ransomware',
'customer_advisories': 'Public statement issued',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '72 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Moderate to High',
'type_of_data_compromised': ['Email addresses',
'Names',
'Dates of birth',
'Genders',
'Geographic locations',
'Purchase histories']},
'date_detected': '2025-11',
'date_publicly_disclosed': '2026-01',
'description': 'Under Armour is investigating a data breach after 72 million '
'customer records surfaced online, linked to a November 2025 '
'ransomware attack by the Everest gang. The stolen data '
'includes email addresses, names, dates of birth, genders, '
'geographic locations, and purchase histories. The Everest '
'ransomware group initially claimed to have exfiltrated 343GB '
'of data and demanded a ransom, which Under Armour reportedly '
'refused to pay.',
'impact': {'brand_reputation_impact': 'Yes',
'data_compromised': '72 million customer records',
'identity_theft_risk': 'Yes',
'payment_information_risk': 'No'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': 'Yes',
'ransom_paid': 'No',
'ransomware_strain': 'Everest'},
'references': [{'source': 'TechCrunch'}, {'source': 'Have I Been Pwned'}],
'response': {'communication_strategy': 'Public statement',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'External cybersecurity experts'},
'threat_actor': 'Everest ransomware gang',
'title': 'Under Armour Data Breach - 72M Customer Records Leaked After '
'Ransomware Attack',
'type': 'Data Breach, Ransomware'}