Everest ransomware gang is claiming to have breached Under Armour, the American sportswear giant, and stolen 343 GB of internal company data, employee information, along with personal data of millions from various countries. The claims were published earlier today on the group’s official dark web leak site.
Sample Data Includes Sensitive Customer and Product Information
As seen by Hackread.com, the group has also published sample data to prove the authenticity of their claims. The sample data contains customer information and their shopping history, along with other details, including email addresses, phone numbers, purchase timestamps, product identifiers, prices, quantities, store preference records, location data for cities and regions, marketing campaign logs, deep link tracking entries, and identifiers tied to user accounts and transactions.
The leaked data also includes detailed product catalogue records linked with customer information, indicating it may originate from a marketing, personalisation, or product registration system. Each entry contains product details such as SKU, name, type, category, size, colour, prices, availability, ratings, localised descriptions, and multiple regional links.
In addition to this, the records expose customer data, including email addresses, first names, consent status, language preference, and request timestamps. This combination of commercial and personal information reveals both product-level business intelligence and individual user behaviour, making it a serious data exposure if verified by Under Armour.
7 Day Deadline to Under Armour
Everest ransomware group has given Under Armour a seven-day deadline to make contact via Tox messenger, warning that the opportunity to respond is limited. In their message, they instructed a company representative to follow the contact steps “before time runs out,” accompanied by a countdown timer.
The group has a history of leaking data when companies refuse to engage or reject ransom demands. Previous incidents linked to Everest include the AT&T carrier website database with over half a million users’ data, 1.5 million Dublin Airport passenger records, and internal Coca-Cola employee data.
What’s Next for Under Armour Customers
Hackread.com has reached out to Under Armour for comment. The breach claims made by the Everest ransomware group should be treated as allegations until the company either confirms or denies them.
In the meantime, customers are advised to monitor their accounts and banking activity, change all associated passwords, enable two-factor authentication on any accounts linked to Under Armour, and remain cautious of emails claiming to be from the company. Attackers often exploit such incidents to launch phishing campaigns disguised as breach alerts.
(Photo by Kyle Bushnell on Unsplash)