Jones Day Hit by Phishing Attack, Client Data Accessed in Breach Claimed by Cybercriminal Group Global law firm Jones Day confirmed a phishing attack in which hackers accessed files belonging to 10 clients, a breach later claimed by the cybercriminal group Silent. The incident, disclosed on Monday, involved unauthorized access to a limited set of dated client documents, according to a statement from spokesperson Dave Petrou. All affected clients have since been notified, though their identities remain undisclosed. Silent, a known extortion-focused threat group, listed Jones Day as a victim on its dark web leak site, taking credit for the attack. The firm, which has previously faced cybersecurity incidents including a 2021 breach with undisclosed details represents high-profile clients such as Goldman Sachs, McDonald’s, and General Motors. No further information on the scope of the compromised data or the timeline of the attack has been released. The incident underscores the persistent targeting of legal firms by cybercriminals seeking sensitive corporate information.

Nike Targeted in Alleged Ransomware Attack by WorldLeaks Group Global sportswear giant Nike is facing an alleged cyberattack by the ransomware group WorldLeaks, which has publicly claimed responsibility for the breach. The group announced on its leak site that stolen data will be released this Saturday at 6 p.m., escalating pressure on the company as part of an aggressive extortion campaign. WorldLeaks, known for its high-profile enterprise targeting, typically publishes victim announcements to coerce ransom payments. As of now, Nike has not issued a public confirmation of the intrusion, and independent verification from security researchers remains unavailable. The exact scope of the stolen data is unconfirmed, though WorldLeaks claims to have exfiltrated a substantial volume of internal information potentially ranging from hundreds of gigabytes to multiple terabytes. Historically, ransomware groups like WorldLeaks gain initial access through compromised VPN credentials, exploited vulnerabilities in internet-facing applications, or spear-phishing campaigns. Once inside, attackers move laterally to identify and exfiltrate high-value data before deploying encryption. The stolen material may include corporate documents, employee records, customer databases, supplier communications, contracts, and HR data. If the data is published, the fallout could be significant. Exposed employee records may lead to phishing and identity fraud, while leaked customer and partner information could enable social engineering attacks and supply chain compromises. Strategic document disclosures may also undermine competitive positioning and reveal sensitive business operations. Security teams are expected to analyze any released data to verify authenticity, assess breach scope, and evaluate downstream risks for connected organizations. The incident underscores the growing threat of data-extortion ransomware attacks targeting major enterprises.

Nike Faces Lawsuit Over January 2026 Data Breach Impacting Thousands A proposed class-action lawsuit was filed against Nike in the U.S. District Court for the District of Oregon on Tuesday, alleging the company failed to implement adequate data security measures, leading to a breach of customer information. The complaint accuses Nike of violating common law, contract obligations, industry standards, and the Federal Trade Commission Act by neglecting reasonable safeguards. The breach, discovered on January 21, 2026, involved unauthorized access to a third-party portal. However, Nike did not notify affected customers until nearly a month later. Lead plaintiff Maria Gomez claims the company’s delayed response and insufficient security protocols exposed sensitive data, leaving thousands at risk. The lawsuit highlights growing scrutiny over corporate data protection practices and the legal consequences of failing to meet regulatory and industry expectations. The case remains pending in federal court.

Nike Investigates 1.4TB Data Breach Linked to WorldLeaks Nike is probing a potential cybersecurity incident after the threat actor WorldLeaks listed the company on its data leak site, claiming to have stolen 1.4TB of internal design and manufacturing data. The breach, disclosed in recent days, includes samples of files from directories such as "Women’s Sportswear," "Men’s Sportswear," and "Garment Making Process." Nike confirmed it is assessing the situation but has not verified the claims, stating that no customer or employee personally identifiable information (PII) was compromised. WorldLeaks, believed to be the successor to the defunct Hunters International ransomware group, specializes in data theft rather than encryption, reflecting a growing trend among cybercriminals to prioritize extortion over disruptive attacks. The group has previously targeted high-profile organizations, including Dell and Chain IQ, and is known for its prolific victim list. Nike, which has largely avoided major publicized cyberattacks, now joins a growing list of corporations facing data exfiltration threats. While the full scope of the breach remains under investigation, the incident underscores the persistent risk of intellectual property theft in the manufacturing and retail sectors. Hunters International, WorldLeaks’ predecessor, disbanded in mid-2025, releasing decryption tools for past victims though some researchers suspect the move was a tactic to evade law enforcement scrutiny.

Nike Investigates Alleged Data Breach Following Cybercrime Group’s Leak Claims Global sportswear giant Nike is probing a potential data breach after a cybercrime group claimed to have leaked sensitive business data tied to the company. The incident, first reported by cybersecurity sources, raises concerns about the scope and nature of the exposed information, though Nike has not yet confirmed the authenticity or details of the leak. The breach claim emerged as part of a broader trend of cybercriminals targeting high-profile corporations, with threat actors increasingly leveraging stolen data for extortion or public disclosure. While the exact timeline and method of the alleged intrusion remain unclear, the incident underscores the persistent risks faced by multinational enterprises in safeguarding proprietary and operational data. Nike’s investigation is ongoing, with no official statement yet on the potential impact on customers, employees, or business partners. The company joins a growing list of organizations including healthcare providers, media outlets, and tech platforms facing heightened cyber threats in 2025. Further updates are expected as the probe progresses.

Nike Listed as Victim by World Leaks Ransomware Gang, Data Leak Threatened Nike has been named as a victim by the World Leaks ransomware group, which claimed on its darknet leak site that it will publish stolen data within 48 hours. The announcement, posted on January 22, included no evidence of the breach or a ransom demand, though the post had already been viewed over 400 times at the time of reporting. A Nike spokesperson confirmed awareness of the incident, stating the company is "investigating a potential cybersecurity incident" while emphasizing its commitment to consumer privacy and data security. World Leaks, believed to be a rebrand of the Hunters International ransomware group, shifted its tactics in January 2025, abandoning encryption-based attacks in favor of data exfiltration-only extortion. Since its emergence, the group has claimed 116 victims, including Australian petroleum distributor Kel Campbell in June 2025. Unlike its predecessor, World Leaks does not encrypt victim systems, relying instead on the threat of public data leaks to pressure targets. The group’s latest claim against Nike marks one of its highest-profile incidents to date.

Nike Targeted in WorldLeaks Ransomware Attack, Data Extortion Threatened Nike has fallen victim to a data extortion attack by the financially motivated ransomware group WorldLeaks, which announced the breach on its darknet leak site on January 22, 2026. The group threatened to release stolen data by January 25, 2026, at 6 PM GMT, though the exact volume of exfiltrated information remains unconfirmed. Industry analysts estimate it could reach several terabytes, based on the group’s past attacks. Nike acknowledged the incident in a statement, confirming it is actively investigating the breach. According to reports, the attack compromised: - 481,183 user accounts - 220 employee records - 444 third-party credentials Potentially exposed data includes internal documentation, customer information, employee contact details, operational records, and HR data. The full scope of sensitive material such as intellectual property or financial records remains under investigation. WorldLeaks, a rebrand of Hunters International (active since January 2025), operates an extortion-only model, focusing on data theft rather than encryption to evade detection. The group maintains a four-platform infrastructure, including a public leak site, negotiation portal, and an "Insider" journalist platform for early data access. Since its formation, WorldLeaks has claimed 116 victims, including Dell Technologies (1.3TB stolen) and L3Harris Technologies, a U.S. defense contractor. Initial access is typically gained through phishing, unpatched applications, or VPNs without multi-factor authentication (MFA). Post-compromise, the group uses credential theft, lateral movement, and custom exfiltration tools to extract data. This attack follows a recent trend of targeted cyberattacks on retail and apparel sectors, particularly organizations with weak authentication and high-value intellectual property. Security researchers note the group’s preference for high-profile victims with vulnerable infrastructure.

Nike and Under Armour Hit by Ransomware Attacks as Cyber Threats Target Major Brands Nike and Under Armour have become the latest high-profile victims of ransomware attacks, with cybercriminals leveraging extortion tactics to demand payments. The incidents highlight the growing threat to global apparel brands, following similar breaches at Adidas and The North Face last year. Nike is currently investigating a potential cybersecurity incident after the ransomware group WorldLeaks claimed responsibility, threatening to release stolen data by 6 p.m. Saturday unless a ransom is paid. While the full scope of compromised data remains unclear, ransomware attacks typically involve customer details such as names, emails, and birthdates. Nike confirmed it is actively assessing the situation, stating, “We always take consumer privacy and data security very seriously.” Under Armour, meanwhile, disclosed a breach that occurred in November 2023, with the ransomware gang Everest taking credit. Initial reports suggested 72 million email addresses were exposed, but a source close to the investigation disputed this, indicating only a “fraction” of that number was compromised. Under Armour confirmed the breach but emphasized that its e-commerce platform (UA.com) and payment systems remain unaffected. The company is working with external cybersecurity experts to determine the full impact. These attacks follow a pattern of escalating cyber threats against major fashion and apparel brands. Last year, Adidas confirmed a breach via a third-party customer service provider, exposing consumer contact details but no financial data. The North Face also faced a credential-stuffing attack, though payment information remained secure. International brands, including Dior, Harrods, Kering, and Marks & Spencer, have also been targeted in recent years. As ransomware groups continue to pressure victims with public leaks and countdown threats, the incidents underscore the persistent risks to corporate data security in the retail sector.

Nike Investigates Reported Ransomware Attack Amid Data Leak Threats Nike is actively investigating a potential cybersecurity incident following claims by the hacking group World Leaks that it had stolen company data. The group threatened to publish the data within 48 hours unless a ransom demand was met, though specifics of the stolen information remain unclear. This follows a 2023 ransomware attack on Nike, where another group exfiltrated customer data including names, email addresses, genders, dates of birth, and purchase details later reported by TechCrunch. The latest incident suggests a possible pattern of targeting by ransomware actors. Nike, headquartered in Beaverton, Oregon, confirmed the investigation in a statement on August 1, 2024, emphasizing its commitment to consumer privacy and data security. No further details on the scope or impact of the breach have been disclosed. The incident adds to a growing trend of high-profile ransomware attacks on major brands, with Under Armour also recently targeted. Authorities and cybersecurity experts continue to monitor the situation.