Under Armour: the brand warns French customers after the leak of 72 million accounts
Under Armour confirmed a breach by the Everest ransomware group that exposed roughly 72.7 million unique customer email addresses along with names, dates of birth, genders, locations and purchase histories, leaked publicly after extortion failed and now reaching French customers.
- Victim
- Under Armour
- records
- 72.7M
On 2 April 2026, Under Armour — the Baltimore-based athletic apparel and footwear brand — issued warnings to its French customers as a major data breach affecting roughly 72.7 million accounts continued to spread. The incident traces back to the Everest ransomware group, which claimed Under Armour as a victim in November 2025 and said it had exfiltrated about 343 GB of data, threatening to publish it unless a ransom was paid.
After negotiations failed, the stolen data was published openly on a hacking forum in January 2026 and indexed by the breach-notification service Have I Been Pwned, which alerted the affected individuals. By April the leak had drawn attention in France, prompting the brand to caution local customers about the heightened risk of phishing and targeted fraud.
The exposed records included:
- Email addresses (about 72.7 million unique addresses)
- Full names
- Dates of birth and gender
- Geographic location data
- Purchase histories and product preferences / loyalty information
Under Armour acknowledged it was aware of the breach claims and was investigating, stating it had no evidence that UA.com or the systems used to process payments or store customer passwords were affected. The publicly leaked dataset remains in circulation, leaving impacted customers exposed to identity-theft and social-engineering attempts.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/under-armour-marque-avertit-clients-francais-fuite-72-millions-comptes/
- haveibeenpwned.comhttps://haveibeenpwned.com/breach/UnderArmour
- techcrunch.comhttps://techcrunch.com/2026/01/22/under-armour-says-its-aware-of-data-breach-claims-after-72m-customer-records-were-posted-online/
- malwarebytes.comhttps://www.malwarebytes.com/blog/news/2026/01/under-armour-ransomware-breach-data-of-72-million-customers-appears-on-the-dark-web