Last updated 1 month ago
The Everest ransomware group compromised Under Armour, a global athletic apparel retailer, in November 2025. The attackers exfiltrated 343GB of customer data, which was subsequently published on a hacking forum in January 2026. The breach exposed 72,742,892 customer records containing email addresses and extensive personal information.
The ransomware attack involved data exfiltration prior to encryption, with the Everest group claiming access to Under Armour's systems. The published dataset included not only email addresses but also names, dates of birth, genders, geographic locations, and detailed purchase information. This combination of identifiers creates significant risks for targeted phishing, identity theft, and credential stuffing attacks against affected customers.
The stolen data became publicly available on a popular hacking forum in January 2026, indicating the ransomware group followed through on their threat to publish the data after the extortion attempt. The publication of 72 million email addresses with associated personal information represents one of the largest retail data breaches in recent years, with particularly sensitive exposure of purchase history alongside demographic data.
Ransomware attack with data exfiltration
This breach demonstrates that even established retail companies with significant security budgets remain vulnerable to ransomware attacks that combine encryption with data exfiltration. The exposure of purchase history alongside demographic identifiers creates unique risks for targeted social engineering attacks against customers. The incident highlights the need for enhanced monitoring of data exfiltration attempts alongside traditional ransomware protection measures in retail environments handling sensitive customer data.