Under Armour, Inc.

In November 2025, the Everest ransomware group claimed responsibility for an attack on Under Armour. The group alleged they had accessed 343GB of data and attempted to extort a ransom from the company.

In January 2026, data associated with this incident was published publicly on a hacking forum. This data included 72.7 million email addresses. Many of these records also contained additional personal information.

The exposed data includes names, dates of birth, genders, geographic locations, and purchase information. The combination of email addresses with other personal details increases the risk of targeted phishing attacks and identity theft. Purchase information could also be used to craft more convincing social engineering attempts.

You should immediately change your password for any Under Armour accounts. If you used the same password on other websites, change those passwords as well. Enable two-factor authentication (2FA) on all online accounts where it is available, especially for email and financial services.

Monitor your email for suspicious messages. Be wary of any emails claiming to be from Under Armour or other companies that ask for personal information or direct you to log in through a link. These could be phishing attempts using your exposed data. Do not click on unfamiliar links or download attachments from unknown senders.

Regularly review your financial statements and credit reports for any unauthorized activity. Given that names, dates of birth, and geographic locations were exposed, there is an increased risk of identity theft. Consider placing a fraud alert or credit freeze with credit bureaus if you are concerned.