Sportswear giant Under Armour is currently investigating claims of a significant data breach after customer records, potentially numbering around 72 million, appeared on a hacking forum. The incident came to light as millions of users received alerts indicating their personal information may have been compromised. While the company's investigation is ongoing, cybersecurity experts reviewing the leaked data suggest it contains personal details linked to customer purchases.

Key Takeaways

• Approximately 72 million customer records have reportedly surfaced on a hacking forum.

• The exposed data includes names, email addresses, dates of birth, genders, approximate locations, and purchase history.

• Under Armour states there is no evidence that its website, payment systems, or customer passwords were compromised.

• The breach is believed to be linked to a ransomware attack in November 2025.

The Under Armour Data Breach Unveiled

The data breach reportedly stems from a ransomware attack in November 2025, where the Everest ransomware group claimed responsibility and threatened to leak internal files. In January 2026, customer data from this incident became publicly available on a popular hacking forum. The breach notification service Have I Been Pwned obtained a copy of this data and began alerting affected users via email.

What Data Was Exposed?

The leaked dataset is said to contain a wide array of personal information. While payment card details have not been confirmed as compromised, the exposed data is still valuable to cybercriminals. The compromised information may include:

• Names

• Email addresses

• Dates of birth

• Genders

• Approximate location (based on ZIP code or postcode)

• Purchase history

Researchers also identified email addresses belonging to Under Armour employees within the leaked data, increasing the risk of targeted phishing and business email compromise scams.

Under Armour's Response and Why It Matters

An Under Armour spokesperson stated, "We are aware of claims that an unauthorized third party obtained certain data. Our investigation of this issue, with the assistance of external cybersecurity experts, is ongoing. Importantly, at this time, there's no evidence to suggest this issue affected UA.com or systems used to process payments or store customer passwords. Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded."

Even without passwords or payment details, this breach poses significant risks. Names, email addresses, birth dates, and purchase history can be exploited to create highly convincing scams. Cybercriminals often use real purchase details to gain trust, making phishing emails appear legitimate. Over time, this exposed data can be combined with information from other breaches to build detailed identity profiles, making them harder to protect.

Staying Safe After the Breach

If you believe your information may be included in this breach, cybersecurity experts recommend the following steps:

1. Change Reused Passwords: Update passwords on other sites if you reused them. Use a password manager to create strong, unique passwords for each account.

2. Watch for Phishing Emails: Be cautious of emails claiming issues with your account or recent purchases. Do not click links or open attachments in unexpected emails; go directly to the company's official website.

3. Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts, especially email, shopping, and financial accounts.

4. Monitor for Account Alerts: Pay attention to password reset emails you didn't request, as this could indicate attempted account takeovers.

5. Be Skeptical of Past Purchase References: Scammers may use purchase history to build trust. Treat messages pressuring immediate action with suspicion.

6. Consider Data Removal Services: These services can help remove your information from data broker databases, reducing your exposure.

Customers can check if their email address was affected by using our tool. As cyber threats continue to evolve, your security strategy needs to evolve with them. BetterWorld Technology delivers adaptive cybersecurity solutions designed to keep your business secure while supporting innovation. Connect with us today to schedule a personalized consultation.

Sources

• Under Armour investigates data breach claims affecting 72 million, Fox News.

• Under Armour data breach claims trigger alerts for millions of users, Kurt the CyberGuy.

• Under Armour investigating data breach which put customers’ email addresses at risk, AOL.com.

• 72 million customer records surface on hacking forum, Bez Kabli.