6,727,398 Under Armour customers affected by a data leak
In January 2026, sportswear brand Under Armour was hit by a data leak after the Everest ransomware gang published roughly 72.9 million stolen customer records online, including about 6.7 million people in France, exposing names, emails, dates of birth and purchase history.
- Victim
- Under Armour
- records
- 72.9M
On 18 January 2026, Under Armour — the US sportswear and athletic-apparel brand headquartered in Baltimore — was confirmed to be the victim of a large-scale customer data leak. The data originated from an intrusion claimed by the Everest ransomware gang, which said in November 2025 that it had stolen roughly 343 GB of data and attempted to extort the company. After the extortion attempt, the stolen records were published openly on a hacking forum in January 2026.
The dataset comprises about 72.9 million customer records worldwide, of which roughly 6.7 million relate to people located in France. The breach notification service Have I Been Pwned obtained a copy and alerted the affected individuals. The exposed information did not include passwords or payment-card data — Under Armour stated there was no evidence that UA.com or its payment and password systems were affected — but it did contain extensive personal data.
Exposed data categories included:
- Full names
- Email addresses (customer and some employee addresses)
- Dates of birth
- Gender
- Approximate geographic location (by ZIP/postal code)
- Purchase history
Under Armour acknowledged it was "aware" of the claims and said an investigation was ongoing, while disputing the severity and arguing that only a small percentage of affected customers had information that could be considered sensitive. The incident has since triggered multiple class-action lawsuits filed in US federal courts in Maryland and Texas.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-18-under-armour
- techcrunch.comhttps://techcrunch.com/2026/01/22/under-armour-says-its-aware-of-data-breach-claims-after-72m-customer-records-were-posted-online/
- haveibeenpwned.comhttps://haveibeenpwned.com/breach/UnderArmour
- malwarebytes.comhttps://www.malwarebytes.com/blog/news/2026/01/under-armour-ransomware-breach-data-of-72-million-customers-appears-on-the-dark-web