~73M Under Armour Customers Impacted by Ransomware Attack
According to reports, 72.7 million Under Armour customer accounts were affected by an alleged ransomware attack linked to the Everest ransomware group. The breach surfaced after leaked files were posted to a cybercrime forum in January, which HIBP has since ingested and verified. Exposed data includes names, email addresses, dates of birth, gender, geographic location, and purchase history, with the attackers also claiming access to phone numbers, physical addresses, and loyalty program details. Under Armour has not publicly acknowledged the breach, despite Everest listing the company on its leak site in November and threatening to release the data unless a ransom was paid.
The scale of the exposure represents a major reputational and legal risk for Under Armour, particularly as consumer brands rely heavily on trust, loyalty programs, and digital engagement. Large retail breaches often lead to class-action lawsuits, regulatory scrutiny, and long-term customer attrition, even when financial data is not involved. The Everest group’s business model - combining double extortion, access brokerage, and insider recruitment - also suggests this incident may reflect deeper weaknesses in identity controls, third-party access, or internal monitoring, rather than a single isolated failure.
This incident reinforces the need for unified, proactive security operations across consumer-facing enterprises. Defending against modern ransomware requires consolidating identity and access monitoring, endpoint and server security, network traffic analysis, data access logging, threat intelligence, and incident response automation into a single operational platform like NIKSUN. By correlating data across user behavior, network activity, cloud services, and external threat feeds, organizations can detect early-stage compromise, prevent large-scale data exfiltration, and respond before attackers escalate to extortion. Security tool sprawl slows response - data unification and integrated security visibility are critical to protecting customer trust at global scale. Read more about this story on our LinkedIn page
The scale of the exposure represents a major reputational and legal risk for Under Armour, particularly as consumer brands rely heavily on trust, loyalty programs, and digital engagement. Large retail breaches often lead to class-action lawsuits, regulatory scrutiny, and long-term customer attrition, even when financial data is not involved. The Everest group’s business model - combining double extortion, access brokerage, and insider recruitment - also suggests this incident may reflect deeper weaknesses in identity controls, third-party access, or internal monitoring, rather than a single isolated failure.
This incident reinforces the need for unified, proactive security operations across consumer-facing enterprises. Defending against modern ransomware requires consolidating identity and access monitoring, endpoint and server security, network traffic analysis, data access logging, threat intelligence, and incident response automation into a single operational platform like NIKSUN. By correlating data across user behavior, network activity, cloud services, and external threat feeds, organizations can detect early-stage compromise, prevent large-scale data exfiltration, and respond before attackers escalate to extortion. Security tool sprawl slows response - data unification and integrated security visibility are critical to protecting customer trust at global scale. Read more about this story on our LinkedIn page