A massive cybersecurity incident has rocked Nike, with the extortion group WorldLeaks claiming responsibility for stealing and leaking over 1.4TB of internal data—nearly 190,000 files. The breach, which reportedly dates back to January 2025, surfaced publicly in late January 2026, exposing sensitive operational details just as the company navigates job cuts and turnaround efforts.
Breach Timeline and Nike’s Response
WorldLeaks added Nike to its dark web leak site with a countdown timer that expired around January 26, 2026, triggering the full data dump.
Nike confirmed the next day it’s probing a “potential cybersecurity incident,” emphasizing consumer privacy while assessing the situation—no ransom payment or breach scope details disclosed yet.
This follows a pattern of supply chain-focused attacks, with rumors pointing to unpatched vulnerabilities in third-party systems.
Exposed Data Breakdown
The leak centers on R&D and manufacturing intel, including tech packs, prototypes, schematics, design files from 2020 onward, and supply chain specifics like factory audits, partner info, and production workflows.
Internal documents cover strategic presentations, employee training materials, videos, and partnerships; customer data exposure remains unconfirmed.
Directories like “Women’s Sportswear,” “Men’s Sportswear,” and “Garment Making Process” highlight the operational depth of the compromise.
WorldLeaks: Evolution of an Extortion Threat
WorldLeaks operates as a rebranded successor to Hunters International (linked to Hive ransomware), ditching file encryption for pure data exfiltration and leak threats via an extortion-as-a-service model.
Active since early 2025, the group has claimed 119+ victims across manufacturing, defense (e.g., L3Harris), healthcare, and government by January 2026, using automated theft tools and public shaming tactics.
Their Tor-based site tracks affiliate posts, prioritizing stealth over ransomware payloads.
Potential Fallout and Lessons
Leaked blueprints risk fueling counterfeiting and product launch disruptions via exposed calendars, while supply chain data enables phishing, fraud, or sabotage against partners.
Experts warn of cascading effects: attackers could pivot to vendor networks using stolen credentials, amplifying third-party risks in global operations.
For cybersecurity pros, this underscores prioritizing supply chain patching, zero-trust segmentation, and rapid incident response—Nike’s case may signal more extortion waves targeting brand IP.
