Everest Ransomware Group Claims Massive Under Armour Data Haul as 72.7 Million Accounts Surface
The Everest ransomware group is once again at the center of attention following claims that it is in possession of a vast cache of customer data linked to sportswear giant Under Armour. According to breach notification platform Have I Been Pwned, more than 72.7 million customer accounts were affected by an alleged ransomware incident that surfaced late last year.
The data was ingested by Have I Been Pwned after files were shared on a cybercrime forum on January 18 by an individual claiming affiliation with the Everest ransomware group. While the disclosure has triggered widespread concern, Under Armour has yet to publicly acknowledge the incident or confirm the authenticity of the leaked information.
Details of the Alleged Data Exposure
According to :contentReference[oaicite:1]{index=1}, the exposed dataset includes customer names, email addresses, dates of birth, gender information, geographic location data, and records of previous purchases. These data points collectively provide a detailed profile of affected individuals, increasing the risk of targeted fraud and identity-based attacks.
The Everest group has claimed that the breach goes further, alleging that phone numbers, physical addresses, loyalty program information, and preferred store locations were also included in the stolen files. These additional claims have not yet been independently verified.
Ransomware Pressure and Silence From Under Armour
Claims of a ransomware attack first emerged in November when Everest added Under Armour to its data leak site. The group reportedly threatened to publish stolen data unless an undisclosed ransom was paid within seven days. Since then, no confirmation of payment or negotiations has been made public.
Under Armour did not respond to media inquiries when the allegations first appeared and has remained silent following the latest disclosures. The absence of an official statement has left customers relying on third-party breach trackers for clarity about potential exposure.
Legal Fallout Begins to Take Shape
Shortly after Everest published details of the alleged attack, legal action followed. The law firm :contentReference[oaicite:2]{index=2} filed a proposed class action lawsuit on behalf of Under Armour customer Orvin Ganesh.
The complaint argues that the company failed to adequately protect customer information and did not provide timely notice of the breach. Such lawsuits are increasingly common in large-scale consumer data incidents, particularly when sensitive personal and purchasing data is involved.
Everest’s Expanding List of High-Profile Targets
The Everest ransomware group has built a reputation for targeting large organizations across multiple sectors. Its back catalog of claimed victims includes aerospace firms, critical infrastructure operators, and government entities in Europe and South America.
More recently, Asus confirmed that it was affected by an Everest-linked incident through a third-party supplier, resulting in the compromise of internal files. These cases suggest a continued focus on high-impact targets where stolen data can be leveraged for both extortion and secondary monetization.
Consumer Risk and Ongoing Uncertainty
With more than 72 million accounts potentially exposed, affected Under Armour customers face elevated risks of phishing, credential stuffing, and social engineering attacks. The combination of personal details and purchase history can enable highly convincing scams.
Until Under Armour provides formal confirmation and guidance, the true scope of the incident remains uncertain. The situation reflects a broader challenge in ransomware incidents, where public visibility often depends more on criminal disclosures than on victim transparency.
