A massive data breach reportedly affecting Under Armour has led to the exposure of over 72 million email addresses and personal details. The breach, attributed to the Everest ransomware group, took place in November 2025, with the stolen data surfacing on public hacking forums in January 2026. This breach has now been added to the Have I Been Pwned (HIBP) database, alerting users to the compromised information.
The Scope of the Data Leak
The breach, first claimed by Everest in late 2025 as part of a ransomware attack, allegedly resulted in the exfiltration of 343GB of data from Under Armour. The attackers demanded a ransom, threatening to leak the information unless payment was made within seven days. When no payment was received, the group published the stolen data on dark web forums, where it quickly spread. The leak contains a wealth of sensitive data, including:
- 72.7 million unique email addresses
- Full names, dates of birth, gender, and physical addresses
- Purchase history, shopping preferences, and last-viewed products
- Internal company data, including employee contact details and loyalty program records
With 76% of these email addresses already present in the HIBP database from previous breaches, the exposed data is a potential goldmine for cybercriminals seeking to launch phishing campaigns, identity theft schemes, or other malicious activities.
Privacy and Security Risks for Affected Users
The inclusion of personal data such as full names, physical addresses, and shopping history increases the risks for affected users, as these details can be exploited for targeted phishing, harassment, or even physical threats. Furthermore, users who reuse passwords across platforms may also be vulnerable to credential-stuffing attacks.
HIBP users who receive breach alerts should immediately monitor their financial accounts for signs of fraudulent activity. Additionally, any users affected by this breach should be extra cautious of unsolicited emails or SMS messages that may attempt to exploit the leaked information.
Ongoing Legal and Corporate Response
As of now, Under Armour has not confirmed the full scale of the breach and has yet to notify affected customers. However, several class action lawsuits have already been filed in the United States, accusing the company of failing to implement adequate security measures to protect user data.
As the investigation continues, this breach serves as a stark reminder of the importance of strong data security measures for companies handling sensitive customer information.
