Hackers claim massive Under Armour data breach as Everest gang posts sample online
Sportswear giant Under Armour is investigating claims of a major data breach after the Everest ransomware group said it had stolen a large cache of internal and customer information and published a sample on its dark web site.
The cybercrime group, which has been linked to hundreds of attacks on organisations worldwide since 2023, says it has exfiltrated 343GB of data from Under Armour. According to a post on its leak site, the haul reportedly includes internal company documents as well as personal information relating to both customers and employees.
Everest has publicly given Under Armour seven days to make contact, displaying a countdown timer alongside a warning that the company must follow its instructions before the deadline expires. This kind of tactic is common in modern ransomware extortion campaigns, where attackers try to maximise pressure by threatening to leak or sell stolen data.
The sample data shared to prove the breach includes personally identifiable information from customers, such as email addresses, phone numbers, order histories, location details, and transaction records. If genuine, this kind of information could be used to fuel identity theft, targeted phishing, social engineering, and financial fraud.
Under Armour has not yet confirmed the incident. TechRadar Pro reports that it has contacted the company for comment but has not received a response. Until there is official confirmation, the hackers’ claims remain unverified in a formal sense, although there is currently little to suggest they are fabricated.
Security experts say customers should act on the assumption that their information may be at risk if the claims are accurate. That means monitoring bank and card statements closely, watching for unfamiliar logins or password reset emails, and considering the use of identity theft protection services where appropriate. Being cautious of unsolicited messages is also crucial, especially emails and texts that appear to come from Under Armour or delivery companies but contain unusual links, spelling errors, or slightly altered domain names.
If confirmed, the incident would add Under Armour to a growing list of retailers and service providers hit by ransomware and data theft in recent months. Everest alone is believed to have targeted more than 250 organisations since last year, including attacks that disrupted services for millions of airline passengers through a Dublin Airport supplier.
The case underscores how valuable customer data has become to cybercriminals, and how a single breach can have significant consequences for brand trust, regulatory exposure, and the safety of customers’ personal information.
Photo Credit: DepositPhotos.com