Under Armour Data Breach: What You Need to Know

Under Armour, a popular sports apparel company, is investigating a major data breach that exposed approximately 72 million customer records. The Everest ransomware group claimed responsibility for the ransomware event in November 2025, but late last week, the stolen information appeared on the breach-monitoring website Have I Been Pwned (HIBP). The exposed data includes email addresses, names, genders, birthdates, ZIP or postal codes, and purchase histories, as well as, in some cases, phone numbers, mailing addresses, loyalty program details, and preferred store locations. Under Armour has stated that there is no evidence that payment information or customer passwords were compromised.

Even if you have never shopped with Under Armour or created an online account with them, this breach might still affect you, and here’s why:  

• Investigators found that about 76% of the leaked Under Armour email addresses had already been exposed in prior incidents

• Cybercriminals routinely combine information from multiple breaches—pairing old email exposures with new details like ZIP codes or purchase histories—to craft highly realistic phishing emails. This increases the likelihood that anyone who has appeared in earlier breaches may face a rise in malicious emails. 

This event also reflects a broader trend of cyberattacks sweeping through the global fashion and retail industry. Cybercriminal groups have increasingly targeted high‑profile luxury houses such as Gucci, Balenciaga, Alexander McQueen, Louis Vuitton, Chanel, Cartier, and Dior.  Read the CISO update where we covered these stories back in May 2025 and August 2025. 

What You Can Do to Stay Safe

There are several steps individuals can take to reduce their risk, whether or not they have interacted with Under Armour or any other affected brand:

• Check your email on Have I Been Pwned. This is the quickest way to learn whether your information was included in the Under Armour breach or any other known incident.
• Change passwords immediately for any accounts associated with breached email addresses.
• Avoid reusing the same password across multiple services.
• Enable multi‑factor authentication (MFA) wherever possible. 
• Be alert to phishing attempts. Messages that reference recent purchases, familiar brands, loyalty programs, or shipping updates may be forged using data from large retail breaches.

Cyber threats may be growing, but with the right tools and awareness, you can stay cybersafe.