Everest Ransomware group claims breach of Under Armour, company has not confirmed incident
Learn More
The Everest ransomware group claimed responsibility for breaching Under Armour, Inc., American sportswear and athletic apparel manufacturer.
The hackers have allegedly stolen 343 gigabytes of internal company data including employee information and personal data belonging to millions of customers across multiple countries. Everest released sample data purportedly extracted from Under Armour systems as evidence. Under Armour has not officially confirmed or denied these breach claims, so the claims should be treated as unverified until the company issues an official statement .
The allegedly exposed data, based on sample records published by Everest, includes:
- Customer email addresses and phone numbers
- Shopping history and transaction records
- Purchase timestamps and product identifiers
- Product prices and quantities purchased
- Store preference records
- Geographic location data for cities and regions
- Marketing campaign logs
- Deep link tracking entries
- User account identifiers
- Product catalogue information (SKU, name, type, category, size, color)
- Product pricing, availability, and ratings
- Localized product descriptions and regional links
- Customer first names
- Marketing consent status
- Language preferences
- Request timestamps
- Internal company data (nature unspecified)
- Employee information (details not disclosed)
The number of affected individuals has been described by Everest as "millions" across various countries, but no count has been provided.
Everest ransomware group issued a seven-day ultimatum to Under Armour, instructing company representatives to establish contact via the encrypted Tox messenger platform with a countdown timer accompanying their threatening message stating "before time runs out."
Under Armour customers are advised to reset all passwords on any accounts linked to Under Armour services, enabling two-factor authentication across all accounts that may share credentials with Under Armour platforms, and exercising extreme caution regarding emails claiming to be from the company.
Update - as of 21st of January 2026, Have I Been Pwned (HIBP) says 72.7 million accounts registered with Under Armour were affected by the alleged ransomware attack in November. The data breach platform ingested the files that were leaked on January 18 via a cybercrime forum. According to HIBP's post from Tuesday, names, email addresses, dates of birth, genders, geographic locations, and details of previous purchases were leaked.
As of 22nd of January 2026, Under Armour spokesperson confirmed that the company is “aware of claims that an unauthorized third party obtained certain data.” “Our investigation of this issue, with the assistance of external cybersecurity experts, is ongoing. Importantly, at this time, there’s no evidence to suggest this issue affected UA.com or systems used to process payments or store customer passwords,”
