Hackers claim to have hit Under Armour in massive data breach - here's what we know, and how you can stay safe

News
By published

Everest ransomware gang claims to have stolen ‘millions of personal data” from Under Armour customers

Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website
(Image credit: sarayut Thaneerat/ via Getty Images)
  • Hackers have posted data they claim is stolen from Under Armour
  • It includes PII from customers and employees
  • UA is the latest in string of retailers attacked in recent months

The notorious Everest ransomware group has claimed sportswear maker and retailer Under Armour as its latest victim - with the group posting what it claims is a sample of ‘more than millions of personal data’ and internal company data onto a dark web site.

The dark leak site post claims the hackers have accessed and exfiltrated 343GB of data from internal sources, noting; “The leak of your internal company documents contains a huge variety of personal documents and information of clients and employees’.

The group has given Under Armour seven days to contact them, presumably to negotiate a ransom payment, posting a countdown timer alongside a warning to follow their instructions ‘before time runs out’.

Customers at risk

The sample of the data posted by hackers to verify the leak’s authenticity contained personally identifiable customer information, including email addresses, phone numbers, order histories, location data, and transaction data.

TechRadar Pro has reached out to Under Armour to confirm if the incident is legitimate, but we have yet to receive a response,.

If the breach is legitimate, it could put thousands of customers at risk, particularly of identity theft, social engineering, and fraud - so it’s important to check out identity theft protection software if you’re concerned - and keep a close eye on your accounts and statements.

To protect yourself from social engineering, the key is to be wary of any unexpected communications - like texts and emails from email addresses you don’t recognize - and pay close attention for anything in the email that may not be legitimate - like an email from gma1l rather than gmail, for example.

If the ransom claim is legitimate, and unfortunately there doesn’t seem to be any reason to think it’s not, then Under Armour will be the latest in over 250 victims that the Everest group has victimized since 2023, with high profile disruptions - including affecting millions of passengers in an attack on a Dublin Airport supplier.

Via: Cybernews

Best identity theft protection header
The best ID theft protection for all budgets

➡️ Read our full guide to the best identity theft protection
1. Best overall:
Aura
2. Best for families:
IdentityForce
3. Best for credit beginners:
Experian IdentityWorks

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.