Jan 23, 2026
Under Armour Breach Exposes 72 Million Customer Emails to Hackers
A ransomware gang leaked customer data including emails, purchase history, and location information. The company still has not acknowledged the breach.
If you have ever purchased from Under Armour, your email address may now be in the hands of cybercriminals. The Everest ransomware gang leaked 72.7 million customer records after the athletic apparel company apparently refused to pay a ransom. The breach includes email addresses, names, purchase histories, and geographic locations, creating a detailed profile that scammers can use for targeted phishing attacks.
What Was Exposed
According to Have I Been Pwned, which added the breach to its database, the leaked data includes:
- Names and email addresses
- Dates of birth and genders
- Geographic locations
- Purchase history details
The Everest gang claims the breach also includes phone numbers, physical addresses, loyalty program information, and preferred store locations, though not all of these have been independently verified.
Notably, passwords and financial information do not appear to be part of the leak. Under Armour stated there is no evidence the breach affected its main website or payment processing systems.
How the Attack Happened
The Everest ransomware gang, operating since 2020, claimed responsibility for the attack. The timeline shows a familiar pattern:
- November 2025: The initial breach occurred
- Two months later: Everest posted Under Armour to its leak site, demanding ransom within seven days
- January 18, 2026: With no payment received, the gang leaked the data on a cybercrime forum
- January 21, 2026: Have I Been Pwned confirmed and published the breach details
Under Armour has remained largely silent throughout. The company has not issued a public breach notification and has declined to answer media questions since the attack was first reported in November.
Why This Breach Is Dangerous
At first glance, a breach without passwords or financial data might seem minor. It is not. The combination of email addresses with purchase history and personal details creates perfect conditions for targeted phishing.
Consider what an attacker now knows: your email, what products you bought, when you bought them, and where you live. A phishing email could reference a specific past purchase, offer a fake discount on products you actually buy, or claim to be from a store near your location. This contextual information makes scam emails far more convincing than generic phishing attempts.
Troy Hunt, creator of Have I Been Pwned, noted his surprise at the lack of official disclosure from Under Armour given the scale of the breach and the time that has passed since the initial attack.
Legal Action Already Underway
A proposed class action lawsuit has been filed against Under Armour by law firm Chimicles Schwartz Kriner & Donaldson-Smith on behalf of affected customers. The case alleges the company failed to adequately protect customer data and has not properly disclosed the breach to those affected.
What You Should Do
If you have ever shopped at Under Armour, assume your information was compromised. Take these steps:
- Check Have I Been Pwned to confirm whether your email appears in the breach
- Be extremely cautious of emails claiming to be from Under Armour, especially those referencing past purchases or offering special deals
- Never click links in unexpected emails. Instead, go directly to the company website by typing the address yourself
- Update your Under Armour account password even though passwords were not part of the leak. Use a unique password not shared with other accounts
- Enable two-factor authentication on your email account to prevent attackers from gaining access if they attempt credential stuffing with passwords from other breaches
Data breaches are inevitable, but their impact does not have to be. Stay vigilant about what arrives in your inbox, especially from companies you have done business with in the past.