(TechGenez) – Under Armour is investigating claims that a cybercriminal posted 72 million customer records online following a November breach claimed by the Everest ransomware group, the sportswear and fitness company confirmed on Monday.
The exposed dataset reportedly includes names, email addresses, genders, dates of birth, approximate locations based on ZIP/postal codes, and purchase history. Have I Been Pwned, a breach notification service, obtained a copy of the data and began alerting affected individuals this week.
Under Armour stated that it is working with external cybersecurity experts and has found no evidence of compromise to its e-commerce platform UA.com, payment processing systems, or password storage.
Breach Details
The Everest ransomware gang claimed responsibility for the November intrusion on its dark web leak site. The group provided TechCrunch with a sample of the stolen data that matched the types of information reported by Have I Been Pwned.
The leaked records also include email addresses belonging to Under Armour employees, suggesting the breach may have accessed internal systems.
Under Armour spokesperson Matt Dornic said: “Our investigation is ongoing. At this time, there’s no evidence this issue affected UA.com or systems used to process payments or store customer passwords.”
The company described the number of affected customers with potentially sensitive information as “a very small percentage” but did not provide a specific figure or define which data categories it considers sensitive.
Company Response
Dornic emphasized that claims of tens of millions of customers having sensitive personal information compromised are “unfounded.” The company has not indicated whether it plans to notify affected individuals or whether it received any ransom demand from the attackers.
Under Armour did not disclose how the breach occurred or what specific vulnerabilities may have been exploited.
The company maintains that core customer-facing systems remain secure and that no payment card or password data was exposed.
Broader Context
- Under Armour joins a growing list of retailers and consumer brands targeted by ransomware and data extortion groups in recent years.
- The breach highlights ongoing risks to customer data in the retail and fitness sectors, where personal information including purchase history can be used for identity theft or targeted scams.
- Everest ransomware has claimed responsibility for multiple high-profile attacks in 2025, often leaking samples to pressure victims.
- Have I Been Pwned has notified 72 million individuals, indicating the scale of potential exposure.
Conclusion
Under Armour’s acknowledgment of the reported breach and ongoing investigation underscores the persistent vulnerability of consumer data in the digital age. While the company maintains that critical systems remain secure, the exposure of 72 million records—if verified—represents one of the largest retail data incidents in recent years and highlights the challenges of protecting customer information in an increasingly connected world.
