Major Ransomware Claim Hits Under Armour: What We Know So Far

By Ash K

Under Armour, the US-based global sports apparel brand, is reportedly the target of a major ransomware incident claimed by the Everest ransomware group. The group published a notice on its dark-web leak site warning of a full data release unless Under Armour engages them within a set deadline. While the company has not yet officially confirmed the breach, the scale and details of the claim merit urgent attention from customers, stakeholders and security teams alike.

What the Threat Actor Claims

The Everest ransomware group alleges that it has exfiltrated approximately 343 GB of internal Under Armour data. The group claims this dataset includes customer personal information, employee records, order histories, product and pricing data, internal business documents and possibly more. Its public message includes an ultimatum: Under Armour must make contact via a secure messenger within seven days or risk full publication of the data.

Potential Scope and Risk

If the claims hold, this incident would expose risk across multiple fronts. For individual customers, the theft of personal data (including names, email addresses, phone numbers, location and transaction history) opens the door to identity theft, phishing and fraud. For Under Armour, the exposure of internal business information such as product pricing, stock-keeping units, supply-chain documentation and customer purchase patterns threatens competitive standing, brand trust and regulatory exposure.

Verification Status and Company Response

As of this writing, Under Armour has not publicly confirmed the breach or provided detailed disclosures on the incident. Media outlets note the company has been contacted for comment but no official acknowledgement has emerged. Cyber-intelligence platforms tracking ransomware events have flagged the incident as “under investigation” with the “Everest” group listed as the alleged threat actor.

Why Under Armour May Be a Target

Under Armour’s global reach, extensive customer base and digital commerce operations make it a high-value target. A sportswear brand with membership programs, mobile apps and purchase histories provides rich datasets. Attackers often favour this type of environment because of potential resale value for data, opportunities for extortion and the reputational damage a brand suffers following a breach.

Key Lessons and Mitigation Considerations

From a cybersecurity perspective this incident underlines several important points.

  • Preventing initial access remains critical. Attackers may exploit misconfigured servers, stolen credentials or phishing to gain entry.
  • Exfiltration monitoring is essential. Organisations should monitor for unusual outbound transfers, large compressed archives and anomalous user behaviour.
  • Immutable backups and air-gapped storage protect recovery paths in ransomware scenarios.
  • Incident response plans must include double extortion scenarios where data theft precedes or replaces encryption.
  • Consumers should be proactively notified when there is credible risk, along with recommendations for password changes, 2FA activation and credit monitoring.
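
The exfiltration-monitoring point above, as an added example that is not part of the original article and not based on any detail of the reported incident: it compares each host's daily outbound volume with that host's own baseline and separately flags large compressed archives sent to unapproved destinations. The record format, host names, destinations, allowlist and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

ARCHIVE_EXT = (".zip", ".7z", ".rar", ".tar.gz", ".tgz")
ARCHIVE_MIN_BYTES = 500 * 1024**2        # assumed threshold: 500 MiB per object
SANCTIONED_DST = {"backup.example.com"}  # assumed allowlist of approved sinks
MAD_K, MIN_HISTORY = 6, 3                # assumed sensitivity / minimum baseline days

# Constructed egress records: (day, src_host, dst, bytes_out, object_name)
SAMPLE = [
    ("2025-01-01", "ws-014", "cdn.example.net", 120_000_000, "-"),
    ("2025-01-02", "ws-014", "cdn.example.net", 95_000_000, "-"),
    ("2025-01-03", "ws-014", "cdn.example.net", 150_000_000, "-"),
    ("2025-01-04", "ws-014", "cdn.example.net", 110_000_000, "-"),
    ("2025-01-05", "ws-014", "cdn.example.net", 100_000_000, "-"),
    ("2025-01-05", "ws-014", "files.example.org", 2_000_000_000, "export_01.7z"),
    ("2025-01-05", "ws-014", "files.example.org", 38_000_000_000, "export_02.7z"),
    ("2025-01-01", "srv-bkp", "backup.example.com", 50_000_000_000, "nightly.tar.gz"),
    ("2025-01-02", "srv-bkp", "backup.example.com", 51_000_000_000, "nightly.tar.gz"),
    ("2025-01-03", "srv-bkp", "backup.example.com", 49_000_000_000, "nightly.tar.gz"),
    ("2025-01-04", "srv-bkp", "backup.example.com", 50_000_000_000, "nightly.tar.gz"),
    ("2025-01-05", "srv-bkp", "backup.example.com", 52_000_000_000, "nightly.tar.gz"),
]

def volume_alerts(records, day):
    """Flag hosts whose outbound total on `day` far exceeds their own baseline."""
    totals = defaultdict(lambda: defaultdict(int))
    for d, host, _dst, nbytes, _name in records:
        totals[host][d] += nbytes
    alerts = []
    for host, per_day in totals.items():
        history = [v for d, v in per_day.items() if d < day]  # ISO dates sort lexically
        if len(history) < MIN_HISTORY:
            continue  # not enough baseline to judge; avoid noisy alerts
        med = median(history)
        mad = median([abs(v - med) for v in history])
        # Floor the spread at 10% of the median so a flat baseline does not alert on noise.
        threshold = med + MAD_K * max(mad, 0.1 * med)
        if per_day.get(day, 0) > threshold:
            alerts.append((host, per_day[day], int(threshold)))
    return alerts

def archive_alerts(records, day):
    """Flag large compressed archives sent to destinations outside the allowlist."""
    return [(host, dst, name, nbytes) for d, host, dst, nbytes, name in records
            if d == day and dst not in SANCTIONED_DST
            and nbytes >= ARCHIVE_MIN_BYTES and name.lower().endswith(ARCHIVE_EXT)]

if __name__ == "__main__":
    print(volume_alerts(SAMPLE, "2025-01-05"))
    print(archive_alerts(SAMPLE, "2025-01-05"))
```

The per-host baseline is what keeps the backup server, which legitimately moves tens of gigabytes a day, from drowning out the workstation whose egress jumps by two orders of magnitude.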

Steps for Consumers and Stakeholders

Anyone who has transacted with Under Armour, registered accounts, made purchases or stored personal details should assume the possibility of exposure. Recommended actions include:

  • Change the passwords on Under Armour accounts and on any other services where the same password was reused.
  • Enable multi-factor authentication where available.
  • Monitor bank statements, credit reports and email for suspicious activity.
  • Be alert for phishing-style messages that reference Under Armour and ask for verification of personal or payment details.

Although the details remain unconfirmed by Under Armour, the allegations made by the Everest ransomware group indicate a potentially serious compromise. Whether or not the full 343 GB of data has indeed been exfiltrated, the mere claim and posting of sample files can significantly impact brand equity, regulatory exposure and customer trust. For organisations of all sizes this incident reinforces the imperative to treat data protection as core business risk, not just IT risk. Vigilance, layered defence and rapid response are the difference between containing impact and being caught off-guard.

Ash K
Ashton is a seasoned Cybersecurity Professional with over 25 years of experience in Cybersecurity Research, Cybersecurity Incident response, Products and Security Solutions architecture.