Critical

Under Armour

In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom , alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum , including 72M email addresses. M...

Exposed data: Email Addresses Names Dates Of Birth Genders Geographic Locations
Accounts Exposed 72,742,892
1K 100K 10M 1B+

Overview

In late 2025, the Everest ransomware group breached Under Armour, stealing a massive trove of customer data. After failing to extort a ransom, the hackers publicly released the information in January 2026. This breach has impacted over 72 million customer accounts globally, exposing a significant amount of personal information. The public release of this data significantly increases the risk of fraud and targeted attacks for affected individuals.

What Was Exposed

The published data includes several types of personal information. The core of the breach consists of email addresses and names, which can directly identify you. For many users, the exposed data also includes dates of birth, genders, and geographic locations. Some records may also contain purchase information. When combined, these data points create a detailed profile that can be used for highly convincing scams.

Potential Impact

The exposure of this combination of data is critically serious. With your email, name, location, and date of birth, criminals can craft highly personalized phishing emails, text messages (smishing), or phone calls (vishing) that appear legitimate. They may impersonate Under Armour or other trusted entities to steal passwords or financial information. This data can also be used for identity theft attempts, account takeovers on other platforms where you reuse passwords, and targeted spam. The inclusion of purchase history could lead to scams specifically related to past orders or fake loyalty rewards.

Recommendations

If you have ever had an Under Armour account, take these steps immediately:

  1. Change Your Under Armour Password: Immediately update to a strong, unique password you do not use anywhere else. If you used this same password on other websites, change it on those sites as well.
  2. Enable Multi-Factor Authentication (MFA): Turn on MFA (like an authenticator app or security key) for your Under Armour account and any other important accounts (especially email and banking) to add a critical extra layer of security.
  3. Beware of Targeted Phishing: Be extremely cautious of any emails, texts, or calls that reference your name, location, or Under Armour purchases. Do not click on links or provide login details. Always go to company websites directly by typing the URL.
  4. Monitor Your Accounts: Keep a close eye on your email account, bank statements, and credit reports for any suspicious activity. Consider placing a free fraud alert with major credit bureaus.

How to Check If You’re Affected

The breach has been verified and added to the free service Have I Been Pwned. To check if your email address was compromised, visit https://haveibeenpwned.com and enter your email address in the search bar. You can also view specific details about this breach at https://haveibeenpwned.com/Breach/UnderArmour. If your email appears in the results, you should assume your associated personal data from Under Armour is now in the hands of criminals and follow the recommendations above.