A data breach at American apparel giant Under Armour has leaked the personal information of 72.7 million customers following a ransomware attack. The data breach surfaced in November 2025 after the Everest ransomware gang claimed responsibility for the attack by listing Under Armour on a dark web leak site.
On January 18, 2026, the ransomware gang leaked samples on an underground hacking forum and demanded an unspecified ransom to avoid leaking the entire trove, totaling about 343 GB.
Data breach tracking website Have I Been Pwned (HIBP) confirmed the data breach and assessed that it leaked customers names, email addresses, genders, dates of birth, and geographic locations.
Have I Been Pwned said the stolen Under Armour dataset included names, email addresses, genders, dates of birth, and customers’ approximate location based on postcode or ZIP code. The data also included purchase information, such as product IDs, prices, quantities, store preferences, and marketing campaign logs. Together, this can be used by cybercriminals for shopping scams and phishing.
Under Armour is now facing a class action lawsuit for its alleged negligent handling of personal information and the November 2025 data breach.
Read more about it here.