Under Armour, the popular athletic apparel brand, is at the center of a massive data breach exposed in January 2026. Ransomware group Everest claimed responsibility after allegedly stealing 343GB of data in November 2025, with 72 million customer records later dumped online. If you’ve shopped at Under Armour or used their apps, your personal information could be at risk—emails, names, birth dates, purchase histories, and more are now circulating on hacking forums.
This isn’t just another corporate headache; it’s a wake-up call for everyday shoppers. Unlike encrypted attacks, this was double-extortion: hackers stole data first, then threatened leaks. Under Armour confirmed they’re investigating with experts but downplayed password impacts and denied mass compromises.Have I Been Pwned has already indexed the breach, notifying millions.As of January 23, 2026, no official customer alerts appear on their site.
Breach Timeline for Shoppers
- November 2025: Everest posts proof-of-hack with data samples, demands ransom.
- December 2025: Lawsuits pile up, accusing weak security.
- January 2026: Full leak hits; emails flood HIBP subscribers.
The exposed trove includes everyday details: your email for order confirmations, gender from profiles, locations from shipping, and purchases revealing fitness habits.No credit cards were hit, per reports, but that’s cold comfort when identity thieves thrive on PII like DOB and addresses.
Under Armour’s Stance and Gaps
The company says payment systems held firm and most passwords stayed safe, hiring firms to probe. Yet, they’ve skipped direct outreach, leaving consumers to scramble via HIBP or news. Critics call this reactive; lawsuits argue prior warnings were ignored.Compare to past breaches: Under Armour’s 2018 MyFitnessPal leak hit 150 million—history repeating?
Action Plan: Protect Yourself Today
Don’t wait for Under Armour’s next update. Here’s your step-by-step shield:
- Check Exposure: Head to haveibeenpwned.com, enter your email. Sign up for alerts.
- Lock Accounts: Change Under Armour passwords everywhere. Use unique, 16+ character passphrases with a manager like Bitwarden.
- Enable MFA: Turn on two-factor everywhere—apps beat SMS.
- Monitor Finances: Free credit freezes via Equifax/TransUnion. Watch for odd charges 6-12 months.
- Spot Phishing: Ignore “Under Armour security alert” emails; verify via app or official site.
- Device Scan: Run Malwarebytes or Windows Defender for keyloggers.
Retail giants store goldmines of your life—demand better. Push brands for zero-trust models and transparent patching. This breach underscores 2026’s ransomware surge: consumer data is the new currency.
Stay vigilant; one leak rarely stays isolated. Share this if you’ve got Under Armour gear—forewarned is forearmed.
