TL;DR: The Everest ransomware group breached Under Armour in November 2025 and leaked 72.7 million customer records on January 18, 2026. Stolen data includes names, email addresses, birthdates, genders, ZIP codes, and purchase history. Under Armour stayed silent for months: no breach notification, no customer warning. Have I Been Pwned broke the news when they ingested the data and emailed 72 million affected people. Under Armour finally acknowledged being "aware" of the claims but insists "sensitive personal information" wasn't compromised. If you've ever bought Under Armour gear, your data is likely circulating on criminal forums right now.

The Breach Under Armour Didn't Tell You About

In November 2025, the Everest ransomware group hit Under Armour's systems. They stole data on 72.7 million customers and gave the company a seven-day deadline to pay up or watch their customers' data get dumped publicly.[1]

Under Armour didn't pay. They also didn't tell anyone.

No breach disclosure. No customer notification. No "we take your privacy seriously" press release. Nothing.

Two months passed. On January 18, 2026, Everest made good on their threat and posted the full dataset to a cybercrime forum.[2]

Three days later, Have I Been Pwned (the breach notification service run by security researcher Troy Hunt) ingested the leaked files and began emailing 72 million people that their information had been compromised.[3]

That's how most Under Armour customers learned about it: from a third-party website, not from the company that lost their data.

What Everest Grabbed

According to Have I Been Pwned's analysis of the stolen data:[3]

  • Personal data: Names, email addresses, dates of birth, gender
  • Location data: ZIP codes/postcodes revealing approximate geographic location
  • Purchase history: Records of what you bought from Under Armour

Everest claims they also grabbed phone numbers, physical addresses, loyalty program details, and preferred store information.[1] Under Armour hasn't confirmed or denied these additional claims.

What supposedly wasn't stolen: passwords, payment card numbers, and Social Security numbers. Under Armour says there's "no evidence" the breach affected UA.com's payment processing systems.[4]

Under Armour's Response: Deny and Deflect

When The Register first contacted Under Armour about the breach in November 2025, the company didn't respond. They stayed silent through subsequent requests too.[1]

Only after Have I Been Pwned went public did Under Armour acknowledge the situation. Even then, their statement was defensive:

"Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded."[4]

Translation: Names, emails, birthdates, locations, and purchase history aren't "sensitive" to Under Armour.

Troy Hunt, who runs Have I Been Pwned, called out the company's silence: "That's unusual, especially given the size of the organisation, the scale of the breach and the amount of time that has passed since the incident."[3]

Unusual is generous. 72 million people had their data leaked. Under Armour knew about it for months. They said nothing.

Who Is Everest?

Everest has been operating since 2020. They run a triple-threat business model:[1]

  • Double extortion ransomware: Encrypt your data, steal a copy, threaten to leak it if you don't pay
  • Network access brokerage: Sell compromised network access to other criminals
  • Insider recruitment: Pay employees to help breach their own companies

Previous Everest targets include Collins Aerospace, Sweden's power grid, the Brazilian government, and Asus. Under Armour is the latest addition to their collection.

When companies don't pay, Everest posts everything to their leak site. Under Armour didn't pay. Everest posted everything.

Haven't We Been Here Before?

This isn't Under Armour's first massive breach.

In February 2018, attackers compromised MyFitnessPal, the calorie-tracking app Under Armour owned at the time. 150 million accounts were exposed, including usernames, email addresses, and hashed passwords.[5]

That breach was so damaging that Under Armour sold MyFitnessPal to a private equity firm in 2020, partly to distance themselves from the liability.

Six years later, here they are again. Different attackers, same result: millions of customers exposed, company stays quiet as long as possible.

What You Should Do Now

Check Have I Been Pwned

Go to haveibeenpwned.com and enter your email. If you're in the Under Armour breach, it'll tell you.

Watch for Phishing

Scammers now have your name, email, and purchase history. Expect fake "Under Armour account update" and "order confirmation" emails.

Change Passwords

If you reused your Under Armour password anywhere else (don't do that), change it everywhere.

Monitor Your Accounts

A birthdate plus an email address is enough for some account recovery attacks. Check your other accounts for suspicious activity.

Additional steps:

  • Enable 2FA everywhere: If attackers try to use your email for password resets, 2FA stops them
  • Be skeptical of calls: Scammers may have your phone number. Anyone calling about your "Under Armour account" is lying
  • Freeze your credit: Birthdates are used in identity verification. A credit freeze prevents new accounts in your name

The Real Problem

Under Armour knew about this breach for at least two months before the public found out. They had legal obligations to disclose. They didn't.

This pattern repeats constantly. Companies get breached, sit on the information, hope it doesn't leak, get exposed anyway, and then issue a non-apology statement minimizing the damage.

72 million people. Names. Emails. Birthdates. Locations. Purchase history.

"Sensitive personal information has not been compromised," says Under Armour.

Tell that to the people who'll be getting personalized phishing emails for the next decade.

References

  1. The Register - 72.7M Under Armour accounts hit in alleged ransomware leak
  2. Daily Security Review - Under Armour Account Breach: 72.7 Million Accounts Impacted
  3. TechCrunch - Under Armour says it's 'aware' of data breach claims after 72M customer records were posted online
  4. ABC News - Under Armour looking into data breach affecting customers' email addresses
  5. Huntress - Under Armour MyFitnessPal Data Breach