Big Brands, Bigger Targets: What the Reported Nike and Under Armour Ransomware Attacks Reveal About Fashion’s Cyber Risk

Two of the world’s most recognisable sportswear brands, Nike and Under Armour, have reportedly become the latest high profile names linked to ransomware activity, highlighting a growing and persistent cyber threat facing the global fashion industry.

Ransomware groups have increasingly adopted a public pressure strategy, openly naming alleged victims to force swift payment. In these attacks, malicious software locks companies out of critical systems and data until a ransom is paid, often accompanied by threats to publicly release stolen information if demands are not met.

In Nike’s case, a ransomware group known as WorldLeaks has claimed responsibility. While the full scope of the alleged breach remains unclear, reports suggest that attackers may have accessed customer data, which in similar incidents typically includes names, email addresses, dates of birth and basic profile information. According to reports, the group has posted a countdown timer, warning that the data will be released publicly if payment is not made by a specified deadline.

Nike has acknowledged the situation, saying it is investigating a potential cybersecurity incident and assessing its impact. The company has not confirmed whether customer data was compromised, but reiterated that consumer privacy and data security remain a priority.

Under Armour’s reported breach appears to stem from a separate ransomware incident that allegedly occurred in November, with a group known as Everest claiming responsibility. Unlike Nike, Under Armour has pushed back strongly on the scale of the reports. While initial claims suggested tens of millions of email addresses were compromised, a source familiar with the investigation said only a fraction of that number appears to have been affected.

Under Armour said there is currently no evidence that its ecommerce platform, payment systems or customer passwords were impacted. The company stressed that suggestions of sensitive personal data belonging to tens of millions of customers being compromised are unfounded, and confirmed that external cybersecurity experts are assisting with the ongoing investigation.

These incidents follow a pattern that has been building across the fashion and apparel sector. In April last year, Adidasconfirmed that an unauthorised external party accessed certain consumer data through a third party customer service provider. Adidas said the exposed information was limited to contact details and did not include passwords or payment information.

Just one month later, The North Face disclosed a cyber attack involving credential stuffing, a technique where hackers use previously leaked usernames and passwords to try to gain access to accounts. The brand said customer credit card data remained secure, as that information is not stored on its systems.

The problem is not confined to North America. Luxury and fashion houses overseas have also been targeted, with last year’s victims reportedly including Dior, Harrods, Kering and Marks and Spencer. The consistent thread across these incidents is the appeal of large consumer datasets and the reputational pressure that globally recognised brands face when data security is called into question.

Cybersecurity experts warn that fashion brands are particularly attractive targets due to their vast customer bases, heavy reliance on ecommerce and frequent use of third party service providers. Even when payment information is not compromised, the exposure of contact details can still lead to phishing, identity fraud and long term brand trust issues.

As ransomware tactics continue to evolve, the reported incidents involving Nike and Under Armour serve as another reminder that cybersecurity is no longer just an IT issue. For global brands, it has become a core business risk, one that can directly impact consumer confidence, regulatory scrutiny and long term reputation.

Photo Credit: DepositPhotos.com