Skip to content
RansomwareContained

Under Armour: the brand warns French customers after the leak of 72 million accounts

Under Armour confirmed a breach by the Everest ransomware group that exposed roughly 72.7 million unique customer email addresses along with names, dates of birth, genders, locations and purchase histories, leaked publicly after extortion failed and now reaching French customers.

Victim
Under Armour
records
72.7M

On 2 April 2026, Under Armour — the Baltimore-based athletic apparel and footwear brand — issued warnings to its French customers as a major data breach affecting roughly 72.7 million accounts continued to spread. The incident traces back to the Everest ransomware group, which claimed Under Armour as a victim in November 2025 and said it had exfiltrated about 343 GB of data, threatening to publish it unless a ransom was paid.

After negotiations failed, the stolen data was published openly on a hacking forum in January 2026 and indexed by the breach-notification service Have I Been Pwned, which alerted the affected individuals. By April the leak had drawn attention in France, prompting the brand to caution local customers about the heightened risk of phishing and targeted fraud.

The exposed records included:

  • Email addresses (about 72.7 million unique addresses)
  • Full names
  • Dates of birth and gender
  • Geographic location data
  • Purchase histories and product preferences / loyalty information

Under Armour acknowledged it was aware of the breach claims and was investigating, stating it had no evidence that UA.com or the systems used to process payments or store customer passwords were affected. The publicly leaked dataset remains in circulation, leaving impacted customers exposed to identity-theft and social-engineering attempts.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/under-armour-marque-avertit-clients-francais-fuite-72-millions-comptes/
  2. haveibeenpwned.comhttps://haveibeenpwned.com/breach/UnderArmour
  3. techcrunch.comhttps://techcrunch.com/2026/01/22/under-armour-says-its-aware-of-data-breach-claims-after-72m-customer-records-were-posted-online/
  4. malwarebytes.comhttps://www.malwarebytes.com/blog/news/2026/01/under-armour-ransomware-breach-data-of-72-million-customers-appears-on-the-dark-web

Related incidents

RansomwareContained

Leak at Poltronesofa

On 27 October 2025, Italian sofa and furniture retailer Poltronesofà suffered a ransomware attack that encrypted its servers and exposed personal data of thousands of customers, including names, postal addresses, emails, phone numbers and tax identification numbers; no banking data was affected.

Victim
Poltronesofa