Personal data related to 72.7m accounts apparently stolen in November 2025 by Everest ransomware group
Major sports brands have become the latest victims of cyber crime, according to reports.
Photo by Markus Spiske / Unsplash
In November 2025, the Everest ransomware group claimed on its leak site that it had successfully hacked into the systems of American sportswear giant Under Armour Inc, and stolen some 343 GB of data including internal company information and data relating to millions of customers from different countries.
As evidence, the group shared some examples of stolen data. Now, the group has shared much more.
While Under Armour has not officially confirmed the attack, the breach notification service Have I Been Pwned reports a leak of around 72.7m unique customer records and emails, with more than 191m total records across multiple exports. It’s thought this data may include such information as names, email addresses, dates of birth, gender, geographic location and purchase data.
What’s more, it has emerged that another leasing sportswear company has been attacked. ‘We are investigating a potential cyber security incident and are actively assessing the situation,’ a representative from Nike told Footwear News.
Under Armour has issued a statement about the alleged incident: ‘We are aware of claims that an unauthorised third party obtained certain data. Our investigation of this issue with the assistance of external cybersecurity experts is ongoing. Importantly, at this time, we have no evidence to suggest this issue has affected UA.com or systems used to process payments or store customer passwords.
‘Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded. The security of our systems and data is a top priority for Under Armour, and we take this issue very seriously.’
So, what are the implications – and what can we do better protect our own data?
George Foley, security spokesperson at digital security specialists ESET Ireland, says: ‘When a well-known consumer brand is linked to a major leak, criminals move fast. They do not stop at the data that was taken. They use it to create believable follow up emails, texts and even phone calls that look like they are coming from the company involved. The aim is to trick people into handing over more information, clicking a link, resetting a password through a fake page, or sharing payment details.
‘If you get a message that pressures you to act quickly, that is a red flag. Go directly to the company’s official website or app yourself, rather than using links in messages. And if you reused the same password anywhere else, change those accounts first. Password reuse turns one leak into several compromises.’
His company advises such measures as reviewing password hygiene and, where possible, enabling multifactor authentication (MFA). Caution over calls or texts that reference personal details is also recommended, as is watching for highly personalised phishing attempts that use known data points to sound credible.
In related news:
Greener, cleaner bin lorries thanks to £6.1m solar park in Cambridge
Leave a Reply