Under Armour, Inc.

In November 2025, Under Armour experienced a data exposure affecting 72.7 million records. The exposed data included personal information such as names, email addresses, dates of birth, genders, geographic locations, and purchase information. The company has publicly acknowledged the incident, as confirmed by its inclusion in Have I Been Pwned.

Many of the records contained a combination of these data types, making the exposure significant for affected individuals. The incident involved a large volume of personal details that could be used for various malicious purposes.

The data exposure occurred in November 2025. The incident was first disclosed on January 21, 2026. The Everest ransomware group claimed responsibility for the attack, stating they had gained access to 343GB of data and attempted to extort a ransom. When the ransom was not paid, customer data from the incident was subsequently published publicly on a popular hacking forum.

Individuals affected by this data exposure should be extremely cautious. Given that email addresses, names, and other personal details are now public, there is an increased risk of targeted phishing attacks. You should be wary of any unsolicited emails or communications that appear to be from Under Armour or other companies, as attackers may use the exposed information to make these messages seem legitimate.

It is also advisable to monitor your online accounts for any unusual activity and consider enabling two-factor authentication wherever possible. While the company has not provided specific remediation guidance in the provided context, general best practices for data breaches include changing passwords for any accounts that might have used similar credentials and being vigilant for any signs of identity theft.