Under Armour is investigating a reported breach after a dataset tied to the company appeared on underground forums and was ingested by Have I Been Pwned (HIBP). The leak is linked to claims by the Everest ransomware group, which listed Under Armour on its leak site in late 2025. HIBP reports ~72.7 million unique email addresses plus profile details. Under Armour says it has no evidence that payment systems or customer passwords were impacted.

What’s in the dataset (per reporting):

  • Email addresses
  • Names, dates of birth, gender, ZIP codes
  • Location and purchase‑related context

Even without passwords, that’s enough for targeted phishing and account takeover attempts elsewhere. It’s a privacy and trust problem at scale, not just a technical one.

What organizations should take from this:

  1. Data minimization matters. If you don’t keep it, you can’t leak it.
  2. Marketing/profile databases should be segmented just like payment systems.
  3. Speed of disclosure matters once a leak site posts first.

Image credit: Under Armour logo (trademark) via Wikimedia Commons — https://upload.wikimedia.org/wikipedia/commons/4/44/Under_armour_logo.svg