Under Armour Latest Victim in Everest Ransomware Global Attack

By: Jeremy D
Last updated: November 18, 2025
  • The Everest ransomware group says it grabbed 343 GB of data from Under Armour, including personal info on both customers and employees.

  • The stolen files show things like transaction histories, passport numbers, and internal documents—basically, everything you’d want to keep private, which poses a serious fraud risk.

  • Under Armour hasn’t confirmed the breach yet, but the hackers are pushing them with a seven-day deadline.

Everest Ransomware Group Claims Massive Under Armour Data Theft

One of the biggest names in sportswear might be facing a massive security issue. Hackers say they have stolen a ton of private data.

The Everest ransomware group is behind the alleged attack. They are threatening to leak all the information very soon.

The Alleged Under Armour Data Breach

Global sportswear giant Under Armour just got hit by a big cyberattack, and the Everest ransomware gang says they did it. The hackers announced this on their dark web leak site on November 16. They broke in and grabbed a staggering 343 gigabytes of Under Armour’s internal data.

The stolen 343 GB of sensitive data could affect millions of people worldwide. To prove their claim, they posted a sample of the stolen records. This has raised fears about identity theft and phishing attacks.

So, what kind of information was taken? The claim points to a vast amount of data. It includes millions of client records with full transaction histories. User IDs, email addresses, and physical addresses were also listed. Even more alarming, passport details and phone numbers are part of the haul. This type of massive, deeply personal data haul is becoming alarmingly common. We’re seeing a pattern where hackers are grabbing entire digital identities, similar to the recent Istanbul City App data breach that exposed the private information of millions on the dark web.

In this alleged Under Armour breach, employee data from various countries is also involved. The hackers’ sample gave a clear look inside. It revealed sensitive customer shopping histories and product catalogs. Internal marketing logs and user behavior analytics were also exposed.

This suggests the breach hit core company systems. It likely targeted customer relationship management or e-commerce databases. The source could be marketing or product registration platforms.

The Everest Group’s History and Demands

This ransomware group, Everest, isn’t new to this. They’ve been pulling off attacks like this since 2021, relying on the same kind of criminal infrastructure recently targeted in operations such as the Dutch police shutdown of a criminal host used for dark web activities. Their resume includes many high-profile attacks. They previously claimed a breach of AT&T’s database. That incident exposed over 500,000 users.

They also stole 1.5 million passenger records from Dublin Airport. Internal files from Coca-Cola were another one of their targets. This shows a pattern of attacking big-name companies.

Their method is straightforward and aggressive. They gave Under Armour a seven-day ultimatum. The demand was sent via the encrypted Tox messenger. They told the company to make contact before their timer runs out.

If Under Armour does not comply, they will leak all the data. The initial post did not name a specific ransom amount. But Everest is known for its tactics. They often release more data if a victim does not pay.

Under Armour’s Position and Potential Fallout

Under Armour hasn’t said a word yet. No confirmation, no denial, just radio silence from their Baltimore headquarters. Meanwhile, millions of customers across 190 countries are left wondering what’s going on.

This is not its first security incident. Its MyFitnessPal app was breached in 2018. That event affected 150 million users. Past breaches exposed usernames and emails. But they spared financial data.

This new incident seems much broader and more severe. The inclusion of passport details is a major concern. If the claims are true, that stolen data opens the door for some pretty nasty, targeted scams.

Cybersecurity experts aren’t mincing words—they’re ringing all the alarm bells. They say groups like Everest have changed their strategy. Now they focus on stealing data instead of just locking it. This turns breaches into intelligence goldmines.

Customers are advised to take immediate steps. You should monitor your accounts for strange activity. Change your password on any Under Armour service. Turn on multi-factor authentication wherever you can.

Watch your inbox. Scammers love to jump on stories like this. If you get any emails about the hack, be careful. Until Under Armour says something, treat the claim seriously, but remember it’s just a claim for now. But the detailed sample makes it seem very credible.

About the Author

Jeremy D

Cybersecurity & Policy Reporter

Jeremy is a cybersecurity reporter with a sharp focus on the intersection of technology, law, and global policy. He covers law enforcement takedowns, legislative changes, and the geopolitical dynamics of cyber conflicts. His reporting provides critical context on how government actions and new regulations shape the digital security environment.