In a recent development, the sports apparel company Under Armour is investigating a November data breach that exposed millions of customer records. The breach was publicly disclosed by a cybercriminal on a hacker forum and confirmed by the breach-notification service Have I Been Pwned, which has already emailed 72 million customers. While the company assures that payment systems remain secure, details about the scope and impact are still emerging.
At a Glance
- Under Armour is probing a November data breach.
- 72 million customers have been notified via email.
- Stolen data includes names, email addresses, genders, dates of birth, approximate locations, and purchase histories.
- No evidence yet that UA.com or payment-processing systems were affected.
- The breach was linked to the Everest ransomware gang.
The Breach
Under Armour stated that the data was taken during a November incident. The company identified the Everest ransomware gang as the group claiming responsibility on its dark-web leak site at the time. The gang’s post indicated that a large volume of customer information had been compromised.
What Was Stolen
The stolen dataset contains:
- Names and email addresses of customers and employees.
- Genders and dates of birth.
- Approximate locations based on postcode or ZIP code.
- Detailed purchase histories.
Have I Been Pwned obtained a copy of the data and used it to notify affected individuals. The notification list grew to 72 million emails, underscoring the scale of the breach.
| Data Category | Example Items | Notes |
|---|---|---|
| Personal | Names, email addresses, genders, dates of birth | Sensitive personal data |
| Location | Postcode, ZIP code | Approximate geographic data |
| Transaction | Purchase history | Potentially sensitive financial info |
Company Response
When asked for comment, Under Armour spokesperson Matt Dornic said the company is aware of claims that an unauthorized third party obtained certain data. He added:
“Our investigation of this issue, with the assistance of external cybersecurity experts, is ongoing. Importantly, at this time, there’s no evidence to suggest this issue affected UA.com or systems used to process payments or store customer passwords,” the spokesperson added.
Dornic further noted:
“What we know at this time is the number of affected customers with any sort of information that could be considered sensitive is a very small percentage,” he said.
The spokesperson did not immediately respond to a follow-up email asking what types of customer information Under Armour considers “sensitive” or how many customers are affected. He also declined to confirm whether the company plans to notify customers directly or if it has received any ransom demands from the hackers.
Impact and Next Steps
- Notification: Have I Been Pwned has already emailed 72 million customers.
- Security: No evidence of compromise to payment processing or password storage.
- Investigation: Ongoing with external cybersecurity experts.
- Uncertainty: The exact number of customers with sensitive data remains undisclosed.
| Date | Event |
|---|---|
| November | Data breach occurs; Everest ransomware gang claims responsibility |
| This week | Have I Been Pwned publishes data and notifies customers |
| Ongoing | Under Armour conducts investigation; no payment system impact reported |
Key Takeaways
- Under Armour is actively investigating a significant data breach linked to the Everest ransomware gang.
- 72 million customers have been notified of potential exposure.
- The company confirms no impact on payment or password systems.
- The scope of sensitive data exposed remains unclear, and the company has not yet announced a direct customer notification plan.
These developments highlight the growing importance of robust data protection and transparent communication during cyber incidents.
