Under Armour Responds to Data Breach Impacting 72 Million Users
Athletic apparel giant, Under Armour, is currently investigating a significant data breach. This breach compromised the personal information of approximately 72 million customers. The breach, which took place late last year, has been linked to the Everest ransomware group. The breach became public knowledge after the stolen data was posted online on January 18, 2026.
According to the cybersecurity website, Have I Been Pwned, the compromised data includes:
- Email addresses
- Names
- Genders
- Birth dates
- ZIP codes
- Details of previous purchases
Under Armour has assured that there is currently no evidence suggesting that payment information or customer passwords were accessed during the breach.
In a statement, the Baltimore-based company said: “We have no evidence to suggest this issue has affected UA.com or systems used to process payments or store customer passwords.” However, cybersecurity experts have expressed surprise at the lack of a formal disclosure statement from the company. This is particularly notable given the scale of the breach and the time elapsed since the incident occurred in November 2025.
The Everest ransomware group had added Under Armour to its leak site two months ago. They threatened to release the stolen data unless the company paid an undisclosed ransom within seven days. This incident highlights the growing threat of ransomware attacks targeting consumer brands. It also shows the potential for reputational damage even when financial systems remain secure.
Source: ABC News