Under Armour Data Exposure Incident Highlights Password Reset Security Risks A recent security incident involving Under Armour has drawn attention to potential vulnerabilities in password reset mechanisms. On January 22, 2026, reports emerged that users of the company’s platforms received unsolicited password reset emails, raising concerns about unauthorized access attempts or misconfigured security protocols. The emails, sent to registered account holders, contained standard instructions for resetting passwords including prompts to create a new, unique password and recovery options tied to email verification. While Under Armour has not confirmed a breach, the incident underscores risks associated with automated password reset systems, such as phishing susceptibility or account enumeration attacks. The event follows a broader trend of cybersecurity threats targeting authentication processes, particularly in retail and fitness sectors where user data is frequently accessed. No official statement from Under Armour has detailed the cause or scope of the issue, but the timing aligns with heightened scrutiny of corporate security practices in early 2026. The incident serves as a reminder of the importance of monitoring unexpected account notifications and verifying the legitimacy of password reset requests. Further updates are expected as investigations continue.

Under Armour Investigates Data Breach in 2025 Under Armour, the Baltimore-based global athletic apparel and footwear company, is investigating a suspected data breach as of December 2025. The incident, which came to light in recent weeks, has prompted the company to assess the scope and potential impact on its systems and customer data. While details remain limited, the breach appears to involve unauthorized access to Under Armour’s digital infrastructure. The company has not yet confirmed whether sensitive information such as customer records, payment details, or proprietary data was compromised. Investigations are ongoing, with cybersecurity experts and internal teams working to determine the extent of the exposure. Under Armour, headquartered in Baltimore’s Harbor East, has not disclosed specific timelines for the breach or the methods used by threat actors. The incident underscores the persistent cybersecurity risks faced by major corporations, particularly in the retail and consumer goods sectors, where large volumes of personal and financial data are frequently targeted. As the investigation continues, the company has not issued public statements on potential regulatory notifications or remediation efforts. The outcome of the probe could have implications for Under Armour’s data security practices and customer trust.

The Everest Ransomware group executed a high-profile attack on Under Armour, exfiltrating 340 GB of sensitive data, including customer PII (email addresses, phone numbers, physical locations, passport details, gender info, purchase histories) and internal company data (product SKUs, marketing/sales strategies). The group employed double extortion, encrypting systems while threatening to sell the stolen data on the dark web if a Monero (XMR) ransom is not paid within 7 days. The breach exposes Under Armour to severe risks: identity theft, financial fraud, reputational damage, and competitive intelligence leaks. The attack leverages AES+DES encryption, with Russian-language code suggesting geopolitical targeting avoidance. Under Armour’s silence on the incident heightens uncertainty, while the stolen data’s sensitivity—particularly passport details and precise location data—raises concerns over compliance violations and long-term customer trust erosion. The group’s shift from Bitcoin to Monero underscores its focus on evading law enforcement tracking, amplifying the threat’s sophistication.

Under Armour Investigates 72M Customer Records Leaked After Ransomware Attack Under Armour is probing a data breach after 72 million customer records surfaced online, linked to a November 2025 ransomware attack by the Everest gang. The stolen data posted on a hacking forum in January 2026 includes email addresses, names, dates of birth, genders, geographic locations, and purchase histories, according to reports from TechCrunch and Have I Been Pwned. The Everest ransomware group initially claimed to have exfiltrated 343GB of data in November, demanding a ransom. When Under Armour reportedly refused to pay, the threat actors released the compromised records. A sample shared with TechCrunch confirmed the exposure of customer purchase details and employee email addresses. Under Armour stated that payment systems and passwords remained unaffected, asserting that only a "very small percentage" of customers had sensitive data exposed. However, the company contradicted earlier claims that tens of millions of records were compromised. The investigation is ongoing, with external cybersecurity experts assisting in the response.

Under Armour Investigates Data Breach After 72 Million Records Leaked Online Athleisure brand Under Armour is probing a data breach after 72 million alleged customer records surfaced online, posted by a cybercriminal group. The incident was first flagged on January 21, 2026, by data breach tracking site Have I Been Pwned, which linked the exposure to an attack claimed by the Everest ransomware group in November 2025. The threat actors initially asserted access to 343GB of data, and by January 18, 2026, portions of the stolen information including 72 million email addresses were published on a hacking forum. The compromised data reportedly includes names, dates of birth, genders, geographic locations, and purchase histories, though payment card details and passwords were not explicitly mentioned as part of the leak. Additional reports suggest the breach may have exposed phone numbers, physical addresses, browsing behavior on Under Armour’s websites, and some employee contact information. Under Armour confirmed the investigation in a statement to Infosecurity, noting that external cybersecurity experts are assisting. The company emphasized that there is no evidence the breach impacted UA.com, payment processing systems, or password storage. While the ransomware group’s claims initially raised concerns about widespread exposure of sensitive data, Under Armour dismissed assertions of a large-scale compromise as "unfounded." The company reiterated its commitment to data security but has not yet provided further details on the scope of the breach or potential remediation efforts. The incident underscores the growing threat of ransomware groups targeting high-profile brands and monetizing stolen customer data through public leaks.

Under Armour Hit by Ransomware Attack, 72M Customer Records Leaked Under Armour suffered a ransomware attack in November, with stolen customer data surfacing on a hacking forum this week. The breach exposed 72 million email addresses, along with additional personal details such as dates of birth and purchase histories. While 76% of the emails were already part of previously leaked datasets, the inclusion of enriched data like transaction records heightens the risk of targeted phishing and identity theft. The incident underscores the growing threat of ransomware attacks that not only encrypt data but also exfiltrate sensitive information for extortion or resale. The leaked records could be exploited for fraudulent schemes, particularly given the combination of contact details and behavioral data. Under Armour has not publicly disclosed further details on the attack’s scope or response efforts.

Under Armour Investigates Data Breach Affecting 72 Million Customers Under Armour is probing a data breach that exposed 72 million email addresses and personal details, including names, genders, birthdates, and ZIP codes. The incident, believed to have occurred late last year, was flagged by cybersecurity platform Have I Been Pwned, though the company has not issued an official disclosure. In a statement, Under Armour asserted there is no evidence that its e-commerce platform (UA.com), payment systems, or customer passwords were compromised. Cybersecurity expert Troy Hunt, founder of Have I Been Pwned, noted the delay in public acknowledgment as unusual given the breach’s scale but acknowledged the challenges of responding to criminal attacks. The company, headquartered in Baltimore, continues its investigation, emphasizing that claims of widespread sensitive data exposure remain unsubstantiated. --- Federal Immigration Enforcement Sparks Backlash in Maine A sweeping U.S. Immigration and Customs Enforcement (ICE) operation in Maine has drawn criticism from state officials and community leaders over its scope and lack of transparency. Governor Janet Mills, a Democrat, demanded federal authorities provide arrest warrants and real-time data, questioning the justification for targeting the state’s immigrant population roughly 4% of its 1.4 million residents. ICE reported approximately 50 arrests on the first day of the operation, with 1,400 individuals identified as targets. The Department of Homeland Security (DHS) described the effort as focused on "the worst of the worst criminal illegal aliens," citing convictions for offenses like aggravated assault and child endangerment. However, Mills and local law enforcement raised concerns that arrests may not align with this stated priority. Cumberland County Sheriff Kevin Joyce reported the detention of a corrections officer recruit hired in February 2024 after passing background checks, fingerprinting, and a polygraph despite his federally verified work authorization. Joyce called the arrest "bush-league policing," criticizing the heavy-handed tactics and lack of clarity surrounding the recruit’s immigration status. The operation has heightened anxiety in immigrant communities, particularly in Portland and Lewiston, where families are avoiding public spaces, work, and schools. Businesses reliant on immigrant labor have also reported disruptions. Community leaders, including Biddeford resident Cristian Vaca a legally present roofer with a work permit described aggressive encounters with ICE agents, including threats against his family. Federal prosecutors have warned against interfering with enforcement actions, while demonstrators in Portland and Scarborough protested the operation’s secrecy and perceived overreach. Mills, though respecting federal authority, questioned the necessity of the large-scale effort in a state with no recent surge in violent crime tied to immigrants. DHS and ICE have not provided updated arrest numbers or details on detainee locations.

Under Armour Investigates 343GB Data Breach After Ransomware Attack Under Armour is probing a potential data breach after the Everest ransomware group claimed to have stolen 343GB of corporate data, including customer information. The incident came to light in November 2023, when the hackers alleged they infiltrated the company’s systems and later leaked the data online after Under Armour reportedly ignored their ransom demands. The exposed data, now circulating in hacker forums, includes 72 million email addresses, along with names, dates of birth, and purchase details, according to HaveIBeenPwned.com, which received a copy of the breach. While Under Armour maintains that its investigation is "ongoing" despite the hackers’ public disclosure two months prior the company has not acknowledged the incident on its website or in financial filings. A spokesperson stated that there is "no evidence" the breach affected UA.com, payment systems, or stored customer passwords. However, signs suggest the breach is legitimate. A Texas customer, Orvin Ganesh, filed a class-action lawsuit after receiving an alert from Capital One’s CreditWise notifying him that his email was found on the dark web in connection with the breach. Additional lawsuits have been filed by former employees in Maryland, where Under Armour is headquartered. The stolen data poses risks of identity theft, phishing attacks, and other scams, with multiple users reporting similar alerts from CreditWise. The full scope of the breach and its impact on affected individuals remain under investigation.

Nike and Under Armour Hit by Ransomware Attacks as Cyber Threats Target Major Brands Nike and Under Armour have become the latest high-profile victims of ransomware attacks, with cybercriminals leveraging extortion tactics to demand payments. The incidents highlight the growing threat to global apparel brands, following similar breaches at Adidas and The North Face last year. Nike is currently investigating a potential cybersecurity incident after the ransomware group WorldLeaks claimed responsibility, threatening to release stolen data by 6 p.m. Saturday unless a ransom is paid. While the full scope of compromised data remains unclear, ransomware attacks typically involve customer details such as names, emails, and birthdates. Nike confirmed it is actively assessing the situation, stating, “We always take consumer privacy and data security very seriously.” Under Armour, meanwhile, disclosed a breach that occurred in November 2023, with the ransomware gang Everest taking credit. Initial reports suggested 72 million email addresses were exposed, but a source close to the investigation disputed this, indicating only a “fraction” of that number was compromised. Under Armour confirmed the breach but emphasized that its e-commerce platform (UA.com) and payment systems remain unaffected. The company is working with external cybersecurity experts to determine the full impact. These attacks follow a pattern of escalating cyber threats against major fashion and apparel brands. Last year, Adidas confirmed a breach via a third-party customer service provider, exposing consumer contact details but no financial data. The North Face also faced a credential-stuffing attack, though payment information remained secure. International brands, including Dior, Harrods, Kering, and Marks & Spencer, have also been targeted in recent years. As ransomware groups continue to pressure victims with public leaks and countdown threats, the incidents underscore the persistent risks to corporate data security in the retail sector.

Under Armour Investigates Data Breach Affecting 72 Million Customers Sportswear giant Under Armour is probing a major data breach that exposed the personal details of millions of customers. The incident, believed to have occurred in late 2023, compromised an estimated 72 million email addresses, along with additional data such as names, genders, birthdates, and postcodes. While the company confirmed the breach, it stated there is no evidence that passwords or financial information were accessed. In an official statement, Under Armour clarified that its e-commerce platform (UA.com) and payment systems remained unaffected, dismissing claims of widespread exposure of sensitive data. Cybersecurity researcher Troy Hunt, founder of Have I Been Pwned, supported Under Armour’s assessment, noting that available evidence aligns with the company’s findings. The investigation remains ongoing as the company works to determine the full scope of the incident.

The Everest ransomware group claimed responsibility for a cyberattack on sportswear retailer Under Armour, leaking a sample of stolen data on a dark web site. The hackers allege they exfiltrated 343GB of internal company data, including personally identifiable information (PII) of customers and employees, such as email addresses, phone numbers, order histories, location data, and transaction records. The group demanded ransom negotiations within a 7-day deadline, threatening further data exposure if unmet.The breach poses severe risks, including identity theft, social engineering, and financial fraud for affected customers. Under Armour has not yet publicly confirmed the incident, but the Everest group’s track record—with over 250 victims since 2023, including high-profile disruptions like the Dublin Airport supplier attack—lends credibility to the claim. The leaked data’s sensitivity and scale suggest a large-scale compromise of both customer and employee records, heightening reputational, financial, and operational threats to the company.

Under Armour Data Breach Exposes User Accounts to Credential-Stuffing Attack Under Armour recently confirmed a data security incident involving unauthorized access to a subset of user accounts on its platform. The breach, detected in early 2024, stemmed from a credential-stuffing attack, where threat actors used previously leaked login credentials from other breaches to gain access to Under Armour accounts. The company reported that attackers successfully accessed accounts where users had reused passwords across multiple platforms. While no payment or financial data was compromised, exposed information included usernames, email addresses, and hashed passwords. Under Armour has since reset passwords for affected accounts and implemented additional security measures, including multi-factor authentication (MFA) enforcement. The incident highlights the ongoing risks of password reuse and the effectiveness of credential-stuffing attacks, which remain a common tactic among cybercriminals. Under Armour has notified impacted users and is working with cybersecurity firms to investigate the scope of the breach. No evidence suggests that the attack originated from a vulnerability within Under Armour’s systems.

Under Armour Hit by Alleged Ransomware Attack Affecting 72.7 Million Accounts In November, athletic apparel giant Under Armour fell victim to an alleged ransomware attack by the Everest group, exposing the personal data of 72.7 million accounts. The breach was confirmed by data breach platform Have I Been Pwned (HIBP), which obtained leaked files posted by Everest on a cybercrime forum on January 18. The compromised data includes names, email addresses, dates of birth, genders, geographic locations, and purchase histories. Everest also claims the leak contains phone numbers, physical addresses, loyalty program details, and preferred store information. Under Armour has not publicly acknowledged the breach and has not responded to media inquiries. The ransomware group first listed Under Armour on its leak site in November, threatening to release stolen data unless a ransom was paid within seven days. Shortly after, a class-action lawsuit was filed against the company on behalf of affected customers. Everest, active since 2020, has targeted high-profile organizations, including Collins Aerospace, Sweden’s power grid, and the Brazilian government. Recently, Asus confirmed a separate breach linked to Everest via a compromised supplier. Despite its long history and notable attacks, the group operates with less visibility than other major ransomware operations. Everest generates revenue through three streams: double extortion ransomware, selling network access, and an insider recruitment program, allowing it to operate with reduced scrutiny.