
Under Armour Breach
Nov 24, 2025
74,967,293 rows
What happened in the Under Armour Breach?
DataBreach.com Team · December 10th 2025, 7:00 pm EST
Overview
In November 2025, the Everest ransomware group claimed responsibility for a significant data breach targeting Under Armour. The group alleges it exfiltrated over 343 GB of sensitive internal and customer data. While Under Armour has confirmed it is investigating the incident, the company has not yet officially verified the full scope of the compromise.
The threat actors utilized "double extortion" tactics, threatening to leak the stolen data if a ransom was not paid. Following the expiration of a seven-day deadline, the group published download links to the alleged data on a dark web hacker forum.
Compromised Data
Internal analysis of the leaked data set indicates the presence of approximately 75,000,000 unique email addresses.
The compromised data reportedly includes:
- Customer PII: Email addresses, phone numbers, and physical locations.
- Transaction Data: Purchase histories and preferences.
- Employee Data: Contact details, personnel files, and potentially passport information (unverified).
- Corporate Data: Internal documents, product SKUs, and business intelligence.
Data likely NOT affected:
- Payment card information (processed separately).
- Government identifiers (e.g., Social Security Numbers).
Current Status & Legal Context
As of early December 2025, Under Armour has not admitted to the full scale of the breach. However, a class-action lawsuit has reportedly been filed regarding the alleged failure to protect consumer data. The incident remains classified as "Unverified" pending an official report from the victim organization.










