BALTIMORE, Jan 22, 2026, 13:53 EST
- Under Armour announced it’s probing allegations that an unauthorized party accessed customer data and leaked it online
- Breach tracker Have I Been Pwned reports roughly 72.7 million compromised accounts, with leaked data including emails, birth dates, locations, and purchase details
- Under Armour stated there’s no sign its website, payment systems, or customer passwords were compromised
Under Armour announced Thursday that it’s looking into reports of a hack exposing data tied to roughly 72 million accounts, following the appearance of its records on a hacking forum online.
These claims are gaining traction as breach alerts start hitting inboxes, dragging the episode into the cybercrime spotlight. Once a dataset goes public, it’s nearly impossible to reel back, even if the victim later contests its contents.
Breach trackers reveal data that pairs purchase details with basic identifiers like email addresses and birthdates, making fake “account” alerts seem authentic. Under Armour hasn’t disclosed how many customers it plans to notify or what exactly it deems “sensitive” data here.
Have I Been Pwned reported that the Everest ransomware group targeted Under Armour in November 2025, demanding a ransom while claiming to hold 343 gigabytes of data. In January, customer information from the breach was made public, exposing 72 million email addresses along with names, gender, locations, and purchase details. 1
Under Armour spokesperson Matt Dornic acknowledged the company is “aware of claims that an unauthorized third party obtained certain data” and said they’re working with outside cybersecurity experts. He stressed there’s currently “no evidence to suggest this issue affected UA.com or systems used to process payments or store customer passwords,” adding that “any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded.” TechCrunch reported a seller shared a sample of the data, including customer purchase records and email addresses of Under Armour employees. 2
The Register revealed that Have I Been Pwned uploaded files leaked on Jan. 18 by an Everest gang member on a cybercrime forum. Everest had warned it would release stolen data unless Under Armour paid an undisclosed ransom within a week. The gang also claimed the haul contained additional info not verified by breach trackers, including phone numbers and home addresses. 3
Ransomware is a type of malicious software that disrupts systems, but nowadays, many groups combine it with data theft. They threaten to leak files if victims don’t pay up. This tactic targets customer and marketing databases as leverage, even when payment systems remain untouched.
Under Armour’s Class A shares climbed roughly 4% in afternoon trading across the U.S.
Still, crucial questions linger: Are the leaked files complete? Is the data up to date? And how does Under Armour define “sensitive”? Even without passwords or payment card info, a dataset mixing emails, birth dates, and shopping habits could easily power targeted scams.
Have I Been Pwned urged affected users to update passwords they’ve used on other sites and turn on two-factor authentication, adding a crucial layer of security that helps prevent account takeovers.
Under Armour hasn’t confirmed if a ransom demand has been made or provided a timeline for wrapping up its investigation.
