TL;DR: The Everest ransomware gang hit Under Armour in November 2025, stole 343GB of data, and demanded payment. Under Armour didn't pay. On January 18, 2026, Everest dumped 72 million customer records on a hacking forum. Names, emails, dates of birth, purchase history: all of it is now circulating. Under Armour keeps saying the claims are "unfounded." The lawsuits say otherwise.

What Happened

On November 16, 2025, the Everest ransomware group posted Under Armour to their leak site. They claimed to have 343GB of company data and gave Under Armour seven days to make contact via encrypted messaging.[1][2]

Under Armour didn't respond, at least not publicly.

Two months later, on January 18, 2026, Everest made good on their threat. They dumped the stolen data on a popular hacking forum. By January 21, Have I Been Pwned had loaded the dataset: 72 million email addresses, now searchable by anyone who wants to check whether they were caught in the breach.[3][4]

Under Armour's response? They're "aware of claims" and their investigation is "ongoing." They also said any suggestion that "sensitive personal information of tens of millions of customers has been compromised is unfounded."[2][5]

The data says otherwise.

What's in the Breach

According to Have I Been Pwned and security researchers who analyzed the dump, the leaked data includes:[3][4][6]

  • 72 million email addresses
  • Names: full customer names
  • Dates of birth
  • Genders
  • Geographic locations
  • Purchase history: what you bought, when, where
  • Loyalty program details
  • Preferred store locations

Everest also claims they got phone numbers and physical addresses.[2] Researchers found Under Armour employee email addresses mixed into the dump.[4]

Under Armour says there's "no evidence" that payment systems or passwords were compromised.[5] That's a low bar. They're basically saying: we didn't lose the really catastrophic stuff. Just everything else.

Who Is Everest?

Everest is a Russian-speaking ransomware operation that emerged in December 2020. They've been busy.[1][7]

The group runs what researchers call a "hybrid model": they encrypt systems for ransom, but they also operate as an Initial Access Broker (IAB), selling compromised credentials to other criminal groups. Double the revenue streams.[7]

Recent victims include McDonald's India, Chrysler, and Asus.[1] Under Armour is just the latest company to underestimate them.

Everest's playbook: break in, steal everything, post countdown timers on their leak site, wait for payment. When companies don't pay (and most don't), they dump the data publicly. Under Armour ran out the clock.

The Lawsuits Are Already Flying

Lawyers didn't wait for Under Armour to acknowledge anything. Multiple class action lawsuits have been filed in federal courts in Maryland and Texas.[8][9]

The first lawsuit, Ganesh v. Under Armour Inc. (Case No. 1:25-cv-04106-MJM), was filed in the U.S. District Court for the District of Maryland by law firm Chimicles Schwartz Kriner & Donaldson-Smith.[9][10]

The allegations: Under Armour failed to properly safeguard customer data, failed to notify customers in a timely manner, and let a ransomware group sit on their systems long enough to steal 343GB of information.[8][9]

Here's the thing about data breach lawsuits: companies almost always lose or settle. The question is how much.

This Isn't Under Armour's First Rodeo

Under Armour has been here before. In 2018, an unauthorized intruder accessed 150 million accounts from their MyFitnessPal app and website.[8] That breach included hashed passwords, slightly better than plaintext, but still bad.

Six years later, they got hit again. Different attackers, same result: customer data everywhere.

At some point, you have to wonder if the company is learning anything from these incidents. Based on their "unfounded" statement, the answer might be no.

What You Should Do

Check Have I Been Pwned

Go to haveibeenpwned.com and search your email. The Under Armour breach is already loaded. You'll see if you're in it.

Watch for Phishing

Criminals now know your name, email, DOB, and shopping habits. Expect targeted phishing emails that mention Under Armour orders, fitness apps, or "account verification." Don't click.

Enable 2FA on Everything

If your Under Armour password was reused elsewhere, those accounts are at risk. Turn on two-factor authentication, especially for email and financial accounts.

Freeze Your Credit

Your DOB and email are out there. That's enough for identity thieves to start building a profile. A credit freeze at Equifax, Experian, and TransUnion costs nothing and blocks new accounts.

More protection steps:

  • Change your Under Armour password: Even if UA says passwords weren't taken, why risk it?
  • Review your purchase history: Know what data they had on you
  • Monitor your accounts: Set up transaction alerts on financial accounts
  • Consider joining the lawsuit: If you're affected, law firms are collecting plaintiffs

Corporate Denial Is a Pattern

Under Armour's response, calling verified breach data "unfounded," is a playbook move. Companies downplay, delay, and deny until the evidence is overwhelming. Then they settle lawsuits and promise to do better.

Have I Been Pwned didn't add 72 million records to their database on a hunch. Researchers verified the data. The lawsuits are based on real evidence. Under Armour's credibility gap is growing by the day.

If you're an Under Armour customer, assume the worst. Your data is out there. Act accordingly.

References

  1. The Register - 72.7M Under Armour accounts hit in alleged ransomware leak
  2. Malwarebytes - Under Armour ransomware breach: data of 72 million customers appears on the dark web
  3. Have I Been Pwned - Under Armour Data Breach
  4. Bitdefender - Was Your Data Exposed in the Latest Under Armour Breach?
  5. Security Affairs - Investigation underway after 72M Under Armour records surface online
  6. Fox News - Under Armour investigates data breach claims affecting 72 million
  7. Cyber Magazine - Who is Behind Under Armour's Reported Data Breach?
  8. Top Class Actions - Under Armour class action alleges company failed to protect customer data
  9. ClassAction.org - Under Armour Failed to Protect Sensitive Info, Class Action Lawsuit Says
  10. Chimicles Schwartz Kriner & Donaldson-Smith - Under Armour Data Breach Investigation