Under Armour, a popular clothing and fitness data company, is currently investigating claims of a data breach after a cybercriminal posted millions of customer records to a hacker forum. The seller, who spoke to JS, mentioned that the data was obtained during a November breach, which the Everest ransomware gang had previously taken credit for on its dark web leak site.
The news of this data theft gained more attention recently when breach notification site Have I Been Pwned acquired a copy of the stolen data and informed 72 million individuals via email that their information had been compromised. Among the stolen information were names, email addresses, genders, dates of birth, approximate locations based on postal or ZIP codes, and details related to customer purchases.
JS was provided with a sample of the stolen data by the seller, confirming that it contained millions of records of Under Armour customer purchases and aligned with the information reported by Have I Been Pwned. The data also included numerous email addresses belonging to Under Armour employees.
In response to these developments, Under Armour spokesperson Matt Dornic stated that the company is actively investigating the issue with the help of external cybersecurity experts. He reassured that there is currently no evidence to suggest that the breach affected UA.com or systems used for processing payments or storing customer passwords. Dornic also mentioned that only a small percentage of affected customers had sensitive information compromised.
However, when asked about the specific types of sensitive information and the exact number of affected customers, Dornic did not provide further details. He emphasized that any claims suggesting that sensitive personal information from tens of millions of customers had been compromised are unfounded.
Despite the ongoing investigation, Under Armour has not disclosed whether they plan to notify customers whose information was exposed or if they have received any ransom demands from the hackers. The company’s response to the breach remains a key point of interest as they work to address the situation and safeguard customer data.
