The Everest ransomware group claimed responsibility for a cyberattack on sportswear retailer **Under Armour**, leaking a sample of stolen data on a dark web site. The hackers allege they exfiltrated **343GB of internal company data**, including **personally identifiable information (PII) of customers and employees**, such as email addresses, phone numbers, order histories, location data, and transaction records. The group demanded ransom negotiations within a **7-day deadline**, threatening further data exposure if unmet.

The breach poses severe risks, including **identity theft, social engineering, and financial fraud** for affected customers. Under Armour has not yet publicly confirmed the incident, but the Everest group’s track record (over **250 victims since 2023**, including high-profile disruptions like the **Dublin Airport supplier attack**) lends credibility to the claim. The leaked data’s sensitivity and scale suggest a **large-scale compromise of both customer and employee records**, heightening reputational, financial, and operational threats to the company.
Source: https://www.techradar.com/pro/security/hackers-claim-to-have-hit-under-armour-in-massive-data-breach
Under Armour cybersecurity rating report: https://www.rankiteo.com/company/under-armour
{
  "id": "UND3992039111825",
  "linkid": "under-armour",
  "type": "Ransomware",
  "date": "6/2023",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{
    'affected_entities': [
        {
            'customers_affected': 'potentially thousands (exact number undisclosed)',
            'industry': 'apparel and accessories',
            'location': 'United States (global operations)',
            'name': 'Under Armour',
            'type': 'retailer (sportswear manufacturer and retailer)'
        }
    ],
    'customer_advisories': [
        'Monitor accounts for fraud/identity theft.',
        'Be wary of social engineering attempts (e.g., phishing).'
    ],
    'data_breach': {
        'data_exfiltration': True,
        'number_of_records_exposed': 'millions (exact number undisclosed, 343GB of data exfiltrated)',
        'personally_identifiable_information': [
            'email addresses',
            'phone numbers',
            'order histories',
            'location data',
            'transaction data'
        ],
        'sensitivity_of_data': 'high (includes personal and transactional data)',
        'type_of_data_compromised': [
            'PII (customers and employees)',
            'internal company documents'
        ]
    },
    'description': 'The Everest ransomware group claimed responsibility for breaching Under Armour, posting a sample of stolen data (allegedly over millions of personal records and 343GB of internal company data) on a dark web leak site. The breach includes personally identifiable information (PII) of customers and employees, such as email addresses, phone numbers, order histories, location data, and transaction data. The group has given Under Armour a 7-day ultimatum to negotiate a ransom, threatening further data leaks if demands are not met.',
    'impact': {
        'brand_reputation_impact': 'high (potential loss of trust due to exposure of sensitive customer/employee data)',
        'data_compromised': [
            'personally identifiable information (PII)',
            'internal company documents',
            'email addresses',
            'phone numbers',
            'order histories',
            'location data',
            'transaction data'
        ],
        'identity_theft_risk': 'high (customers at risk of identity theft, social engineering, and fraud)'
    },
    'initial_access_broker': {
        'data_sold_on_dark_web': True,
        'high_value_targets': ['customer PII', 'internal company documents']
    },
    'investigation_status': 'unconfirmed (Under Armour has not publicly responded)',
    'motivation': 'financial (ransom extortion)',
    'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Everest'},
    'recommendations': [
        'Customers should monitor accounts for suspicious activity (identity theft, fraud).',
        'Use identity theft protection software if concerned.',
        'Exercise caution with unexpected communications (e.g., phishing emails/texts).',
        "Verify sender authenticity (e.g., check for spoofed domains like 'gma1l' instead of 'gmail')."
    ],
    'references': [{'source': 'TechRadar Pro'}, {'source': 'Cybernews'}],
    'threat_actor': 'Everest ransomware group',
    'title': 'Under Armour Data Breach by Everest Ransomware Group',
    'type': ['data breach', 'ransomware attack']
}