Investigation underway after 72M Under Armour records surface online

Under Armour is investigating a data breach after 72M customer records were posted online by a cybercriminal.

Under Armour is an American company that designs, manufactures, and sells sportswear, athletic shoes, and fitness-related accessories.

TechCrunch reported that Under Armour is investigating a data breach after 72M customer records were posted online. The stolen data, linked to a November breach claimed by the Everest ransomware gang, was later confirmed by Have I Been Pwned, which notified affected individuals.

“In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data.” reported Have I Been Pwned. “In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information.”

Compromised data includes customers’ dates of birth, email addresses, genders, geographic locations, names, and purchases.

The seller shared a sample of the stolen data with TechCrunch, the data set includes millions of Under Armour customer purchase records and employee email addresses, matching Have I Been Pwned’s report.

Under Armour confirmed it is investigating claims of a data breach with the help of external cybersecurity experts. The company says payment systems and passwords were not affected, only a very small percentage of customers may have had sensitive information exposed, and denies that tens of millions of sensitive records were compromised.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)