Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online

Under Armour, a prominent name in clothing and fitness data, is currently looking into serious claims regarding a data breach that has allegedly led to the exposure of millions of customer records on a hacking forum. Reports indicate that a cybercriminal has claimed responsibility for this incident, stating that the data was extracted in a breach that occurred last November, for which the Everest ransomware group has taken accountability on their dark web leak site. The situation garnered wider attention this week when breach notification service, Have I Been Pwned, acquired a copy of the compromised data. They have since alerted 72 million individuals via email, informing them that their personal information may have been compromised. The dataset reportedly includes sensitive details such as names, email addresses, genders, dates of birth, and approximate locations based on postal codes, in addition to information related to customer purchases. A sample of the stolen data, provided to TechCrunch, appears to confirm the authenticity of the claims, as it consists of extensive records of Under Armour customer transactions. Alarmingly, the data also includes numerous email addresses linked to Under Armour employees. In a statement, Under Armour spokesperson Matt Dornic acknowledged the situation, saying the company is aware of the claims regarding unauthorized access to certain data. He confirmed that they are actively investigating the breach with the help of external cybersecurity experts. Notably, Dornic emphasized that there is currently no evidence indicating that the breach has impacted UA.com or any systems responsible for processing payments or storing customer passwords. Dornic further reassured that the number of affected customers possessing sensitive information constitutes only a small fraction of the total. However, he did not clarify what specific types of information Under Armour categorizes as sensitive, nor did he provide a precise number of customers impacted by the breach. He also stated that any suggestion that sensitive personal data from tens of millions of customers has been compromised is unfounded. As of now, Under Armour has yet to confirm whether it will reach out to customers whose information may have been affected, and it remains unclear if the company has received any communication from the hackers, including potential ransom demands.