What Happened
In November 2025, specifically around November 17-18, the Everest ransomware group claimed responsibility for breaching Under Armour’s systems, exfiltrating approximately 343GB of sensitive data including email addresses, phone numbers, full names, dates of birth, genders, physical addresses, purchase histories, passport information, and internal corporate documents affecting customers and employees worldwide. The attackers issued a seven-day ultimatum for ransom payment in Monero, threatening dark web leaks, and after no payment, published samples and the full dataset—totaling about 19.5GB across 72.7 million unique email records and 191 million records overall—on hacking forums by January 2026. Under Armour began investigating but has not fully confirmed the breach or issued widespread notifications, prompting multiple class action lawsuits alleging negligence in cybersecurity safeguards like encryption and timely alerts. This incident highlights Everest’s double-extortion tactics and risks of identity theft, phishing, and fraud for affected individuals.
