• Home
  • cyber
  • Under Armour: Under Armour Investigates Data Breach
cyber Ransomware

Under Armour: Under Armour Investigates Data Breach

Nov 1, 2025 2 min read
Under Armour: Under Armour Investigates Data Breach

Under Armour Investigates Data Breach After 72 Million Records Leaked Online

Athleisure brand Under Armour is probing a data breach after 72 million alleged customer records surfaced online, posted by a cybercriminal group. The incident was first flagged on January 21, 2026, by data breach tracking site Have I Been Pwned, which linked the exposure to an attack claimed by the Everest ransomware group in November 2025.

The threat actors initially asserted access to 343GB of data, and by January 18, 2026, portions of the stolen information including 72 million email addresses were published on a hacking forum. The compromised data reportedly includes names, dates of birth, genders, geographic locations, and purchase histories, though payment card details and passwords were not explicitly mentioned as part of the leak. Additional reports suggest the breach may have exposed phone numbers, physical addresses, browsing behavior on Under Armour’s websites, and some employee contact information.

Under Armour confirmed the investigation in a statement to Infosecurity, noting that external cybersecurity experts are assisting. The company emphasized that there is no evidence the breach impacted UA.com, payment processing systems, or password storage. While the ransomware group’s claims initially raised concerns about widespread exposure of sensitive data, Under Armour dismissed assertions of a large-scale compromise as "unfounded."

The company reiterated its commitment to data security but has not yet provided further details on the scope of the breach or potential remediation efforts. The incident underscores the growing threat of ransomware groups targeting high-profile brands and monetizing stolen customer data through public leaks.

Source: https://www.infosecurity-magazine.com/news/under-armour-investigates-data/

Under Armour cybersecurity rating report: https://www.rankiteo.com/company/under-armour

"id": "UND1769174623",
"linkid": "under-armour",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '72 million',
                        'industry': 'Athleisure/Retail',
                        'location': 'Global',
                        'name': 'Under Armour',
                        'type': 'Company'}],
 'attack_vector': 'Ransomware',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '72 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PII)',
                 'type_of_data_compromised': ['Names',
                                              'Dates of birth',
                                              'Genders',
                                              'Geographic locations',
                                              'Purchase histories',
                                              'Phone numbers',
                                              'Physical addresses',
                                              'Browsing behavior',
                                              'Employee contact information']},
 'date_detected': '2026-01-21',
 'date_publicly_disclosed': '2026-01-21',
 'description': 'Athleisure brand Under Armour is probing a data breach after '
                '72 million alleged customer records surfaced online, posted '
                'by a cybercriminal group. The incident was first flagged on '
                'January 21, 2026, by data breach tracking site *Have I Been '
                'Pwned*, which linked the exposure to an attack claimed by the '
                'Everest ransomware group in November 2025. The compromised '
                'data reportedly includes names, dates of birth, genders, '
                'geographic locations, purchase histories, phone numbers, '
                'physical addresses, browsing behavior, and some employee '
                'contact information.',
 'impact': {'brand_reputation_impact': 'Potential impact due to public '
                                       'disclosure',
            'data_compromised': '72 million records',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'None (as per Under Armour)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data monetization',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Everest'},
 'references': [{'date_accessed': '2026-01-21', 'source': 'Have I Been Pwned'},
                {'source': 'Infosecurity'}],
 'response': {'communication_strategy': 'Public statement to Infosecurity',
              'incident_response_plan_activated': 'Yes',
              'third_party_assistance': 'External cybersecurity experts'},
 'threat_actor': 'Everest ransomware group',
 'title': 'Under Armour Data Breach Investigation After 72 Million Records '
          'Leaked Online',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.