What Happened in the Under Armour Data Breach?
Under Armour, the Maryland-based sportswear giant, is reportedly investigating a major data breach that could affect tens of millions of customers. According to cybersecurity researchers, the incident came to light after a ransomware group known as Everest posted claims on a dark web forum. The group alleged it had stolen 343 GB of personal data from the company’s network.
Analysts believe the unauthorized access occurred sometime in late 2025, though Under Armour has not confirmed this timeline. As a result, much about the method of intrusion remains unclear. However, the presence of a substantial data dump posted by Everest suggests attackers had deep access to internal systems before the breach was detected.
The breach surfaced publicly when the data appeared on Have I Been Pwned, a widely used breach-notification service. This listing indicated that roughly 72 million email addresses were included in the leaked dataset. Because Under Armour has not issued an official statement, independent researchers and monitoring services have become the primary source of information for concerned customers.
At this stage, no forensic report has been made public. Therefore, the scope of the intrusion, how long attackers had access, and which specific systems were compromised remain unknown. This lack of transparency has left many affected individuals uncertain about their actual risk.
Who was affected?
The breach appears to affect Under Armour customers whose information was stored in the company’s systems. Given the scale of the alleged leak, this likely includes people who created online accounts, made purchases, or interacted with Under Armour’s digital platforms. Because the brand operates internationally, the affected population could span many countries, though a large share are likely US-based given the company’s American customer base.
Reports suggest that up to 72 million individuals could be impacted. However, this number has not been officially confirmed by Under Armour. Until the company releases a formal statement, this figure should be treated as an estimate based on the leaked email count rather than a verified total.
It is not yet known whether employee data, in addition to customer data, was included in the exposed files. Similarly, there is no confirmation on whether minors who may have purchase histories tied to family accounts were affected. As more details emerge, the scope of affected individuals may become clearer.
What Information Was Potentially Exposed?
Because Under Armour has not confirmed the breach, the exact categories of exposed data remain unverified. However, based on the claims made by the Everest ransomware group and analysis from cybersecurity researchers, several types of personal information may have been compromised.
- Full names
- Dates of birth
- Gender information
- Email addresses
- Physical mailing addresses
- Zip codes
- Purchase history
Although this breach does not appear to involve Social Security numbers or financial account details, the exposed data still carries real risk. For example, names combined with dates of birth and addresses can be used to build detailed profiles for identity theft. This information can also help scammers craft convincing phishing messages.
In addition, purchase history data can reveal spending habits and preferences. As a result, attackers could use this information to create highly targeted scams that appear legitimate. Because email addresses are included, affected individuals may also face an increase in spam or phishing attempts referencing their Under Armour account activity.
What is the company doing?
As of now, Under Armour has not publicly acknowledged the breach or confirmed the ransomware group’s claims. No official statement has been released, and affected individuals have not received written notices from the company. This silence has left many customers relying on third-party reports for information.
Because there has been no formal response, it remains unclear whether Under Armour is offering credit monitoring, identity protection services, or any other remediation to affected customers. If the company confirms the breach, additional protective measures and notification letters would typically follow. Until then, affected individuals should assume they need to take proactive steps on their own.
What Should Affected Individuals Do?
Monitor Your Accounts and Credit Reports
Affected individuals should regularly check their Under Armour account and any linked payment methods for unusual activity. This includes reviewing order histories for purchases that were not authorized. In addition, checking bank and credit card statements can help catch fraudulent charges early.
Because early detection often limits financial damage, it helps to set up account alerts wherever possible. Many banks and credit card companies offer free transaction alerts. As a result, you can respond quickly if something looks suspicious.
Consider a Fraud Alert or Credit Freeze
Although this breach does not appear to involve Social Security numbers, exposed personal details like name, date of birth, and address can still support identity theft attempts. Therefore, placing a fraud alert with one of the three major credit bureaus can add a layer of protection. This makes it harder for someone to open new accounts in your name.
A credit freeze offers even stronger protection by restricting access to your credit report entirely. To set one up, you would contact each of the three bureaus individually. While this requires a bit of effort, it significantly reduces the risk of new fraudulent accounts being opened.
Stay Alert for Phishing Attempts
Because email addresses were reportedly exposed, affected individuals should watch for suspicious emails claiming to be from Under Armour or related brands. These messages may try to trick you into clicking malicious links or providing additional personal information. As a result, it’s wise to avoid clicking links in unsolicited emails.
Instead, go directly to the official Under Armour website or app to check your account status. If an email seems urgent or asks for sensitive information, treat it with caution. Scammers often use recent breach news to make their phishing attempts seem more credible.
Update Passwords and Enable Extra Security
If you have an Under Armour account, it’s a good idea to update your password as a precaution. Choose a strong, unique password that you have not used elsewhere. This helps prevent attackers from using leaked credentials to access other accounts through password reuse.
Additionally, enabling two-factor authentication wherever available adds another layer of security. This means that even if someone obtains your password, they would still need a second verification step to access your account. Taking these steps now can help reduce future risk significantly.
More Information
Official Notice from Cyberinsider
Official Notice from Haveibeenpwned
