Under Armour Data Breach
Under Armour Data Breach
Status: Confirmed
72.7M
records
343GB
Data
Nov 2025 – Jan 2026
Breach Overview
Threat Actor
Everest ransomware group
Vector
Undisclosed intrusion. Likely credential or third-party access
Date of Breach
November 2025
Date of Public Disclosure
January 2026
Data Posted
January 2026 (verified)
Records Exposed
~72,700,000
Data Volume
343GB
Data Source Attribution
DeHashed / HIBP
Summary
In November 2025, the Everest ransomware group claimed to have compromised Under Armour’s systems and exfiltrated approximately 343GB of internal and customer data. After an extortion attempt, portions of the dataset were published publicly on a hacking forum in January 2026.
The leaked data includes tens of millions of customer records tied to Under Armour ecommerce and account systems. The dataset is now actively circulating and indexed across breach aggregation platforms.
This incident is separate from the 2018 MyFitnessPal breach.
About Under Armour
Under Armour is a global athletic apparel and footwear company with a large direct-to-consumer digital footprint. Customer accounts are tied to ecommerce, loyalty programs, fitness integrations, and marketing platforms.
If you have ever:
- Purchased directly from Under Armour online
- Created an account for order tracking or promotions
- Registered products or fitness apps
Your data may be included, even if you no longer use the service.
Data Points Exposed
Confirmed exposed fields include:
Email addresses
Full names
Dates of birth
Gender
Geographic location
Purchase history and transaction metadata
Not reported in this breach:
Social Security numbers
Credit card numbers
That said, purchase and identity context significantly raises downstream risk.
Threat Actor: Everest
- Active ransomware group since 2024
- Known for large-scale data theft and public leaks
- Focuses on extortion through reputational pressure
- Frequently targets consumer-facing brands
- Everest specializes in maximizing reuse value of stolen data rather than quick ransom-only operations.
Impact
This breach materially increases risk for affected individuals due to the quality and context of the exposed data.
Primary risks include:
- AI-assisted phishing referencing real purchases
- Credential stuffing across reused passwords
- Account takeover via social engineering
- Identity fraud using birthdate and location correlation
- Brand-impersonation scams tied to order history
Expect phishing that looks legitimate. It will reference real products and real timelines.
Recommendations for Impacted Individuals
Take action now. Do not wait.
Change Passwords
Under Armour account first
Any account sharing similar credentials
Any account sharing similar credentials
Enable MFA
Email accounts are the priority
Financial and retail platforms next
Financial and retail platforms next
Expect Targeted Phishing
Emails citing orders, refunds, or shipment issues
SMS messages pretending to be customer support
SMS messages pretending to be customer support
Monitor Financial Activity
Watch for small test charges
Review loyalty and rewards accounts
Review loyalty and rewards accounts
Reduce Data Exposure
Suppress public-facing data broker listings
Remove address and profile data where possible
Remove address and profile data where possible
ObscureIQ Advisory
If you are an ObscureIQ client, this breach can be mapped against your active profile to confirm exposure and downstream risk.
If you are not a client, a digital footprint audit will identify whether your data is present in this dataset and others already circulating, similar to confirmed cases like the Ingram Micro breach
Circulating Data Breach Ingram …
This data is live.
Assume it will be exploited.
Credit
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
July 14, 2025
Every time there’s a major data breach, companies scramble to offer “free” credit monitoring. It sounds like a responsible move.…
Credible Threats
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
September 2, 2025
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars. Over 80% of security incidents now start in the browser. Chrome.…
Analysis
Sextortion Spam
May 10, 2025
Sextortion scams aren’t new, but they remain one of the most effective forms of cyber-enabled fraud. These scams don’t rely…
Contact ObscureIQ for a free breach impact check.
If you believe your information may be part of this breach,or want confirmation across other datasets,
We use a multi-layered intelligence stack, combining public and restricted dark-web sources, to confirm whether your data is in circulation.
