Cybercriminals have released data allegedly stolen from Under Armour, the global activewear and footwear brand, exposing 72.7 million accounts. Leaked emails with purchase histories are likely to be used in spear-phishing campaigns.
A threat actor using the moniker “thelastwhitehat” posted a 19.5GB dataset on an illicit marketplace, claiming it contains approximately 72,727,245 unique email addresses and a total of 191,577,365 records stolen from Under Armour.
Cybernews researchers confirmed that the exposed data includes customer and employee email addresses, as well as marketing data such as purchase history and store locations. However, the personally identifiable information isn’t extensive and comprises first names, genders, and approximate locations (postcodes), but no last names or physical addresses.
The data appears to have been exfiltrated from multiple dashboards, resulting in varying record counts and exposed data types.
Cybernews reported in November last year that the Everest ransomware group claimed to have breached Under Armour, and touted the theft of 343GB of internal company data.
“When Under Armour failed to meet the ransom demands within the given seven-day deadline, the group released the data,” the threat actor’s post reads.
“Today, I have uploaded the Under Armour database for you to download. Thanks for reading and enjoy!”
Leaked personal information, especially when combined with details such as purchase history, is highly sensitive and valuable to fraudsters, enabling them to craft convincing, targeted phishing attacks against victims.
Have I Been Pwned, a website that checks whether email addresses have appeared in data breaches, has already included the leaked dataset. Of 72.7 million email addresses, 76% have already been exposed in prior breaches, the service said.
Under Armour faces a proposed class action filed last year by a Texas customer after the ransomware gang announced the breach, Bloomberg reported. The complaint alleges that Under Armour failed to adequately protect private information and “to even encrypt or redact” highly sensitive information.
Under Armour, founded in 1996 by former University of Maryland football player Kevin Plank, manufactures men's, women's, and children's performance wear, which is sold in about 15,000 branded retail stores worldwide to millions of customers. The company’s 2025 revenue was listed at $5.1 billion.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked