Under Armour is investigating claims that 72 million customer records were exposed after the Everest ransomware group allegedly breached the company in November 2025, obtaining 343GB of data. The stolen data — now posted on a hacking forum and listed on Have I Been Pwned — reportedly includes email addresses, names, dates of birth, genders, geographic locations, phone numbers, physical addresses, and purchase history. Under Armour states there is no evidence the breach affected their main website, payment systems, or password storage.
What This Means
If you or your organization has purchased from Under Armour or used their apps such as MapMyRun, personal information may now be circulating in criminal marketplaces. Even without payment card data, the combination of email address, physical address, phone number, and purchase history creates a rich profile for phishing, identity theft, and targeted scams. Attackers can craft highly convincing messages referencing actual purchases or geographic data — making this breach more dangerous than a simple credential exposure.
What To Do Next
- Check Have I Been Pwned: Visit haveibeenpwned.com with the email used for Under Armour to confirm exposure.
- Watch for targeted phishing: Be skeptical of any emails, texts, or calls referencing Under Armour purchases, fitness data, or account issues — attackers now have the context to make scams look legitimate.
- Change your Under Armour password: Even though Under Armour claims passwords were not affected, update yours and ensure it is unique to that account.
- Enable MFA where available: Turn on two-factor authentication for your Under Armour account and any other accounts using the same email address.
- Consider a credit freeze: With names, addresses, dates of birth, and phone numbers exposed, a credit freeze or monitoring service can help catch unauthorized account openings.