What happened
According to public breach records, the Under Armour data breach on November 17, 2025 is reported to have exposed the personal information of 72,742,892 accounts.
In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information.
In November 2025, the Everest ransomware group breached Under Armour and claimed to have stolen roughly 343GB of data, later publishing a dataset of about 72.7 million customer accounts on a cybercrime forum on January 18, 2026, which Have I Been Pwned subsequently catalogued. The leaked records contained names, email addresses, dates of birth, genders, geographic location data such as ZIP/postcodes, and purchase history, along with some employee email addresses. Under Armour confirmed it was investigating with external cybersecurity experts and stated there is no evidence the issue affected UA.com or the systems used to process payments or store customer passwords, disputing characterizations that highly sensitive personal information of tens of millions of customers had been compromised.
What data was exposed
The following types of personal data were compromised:
- Dates of birth
- Email addresses
- Genders
- Geographic locations
- Names
- Purchases
Breach details
| Detail | Value |
|---|---|
| Breach name | Under Armour |
| Date | November 17, 2025 |
| Accounts affected | 72,742,892 |
| Domain | underarmour.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Under Armour; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Treat unsolicited emails, texts, or calls referencing Under Armour purchases or your order history as potential phishing, since the leak pairs your email and name with real purchase details that scammers use to sound legitimate; never click links or share more data in response.
- Because dates of birth and geographic/location data were exposed, be cautious with identity-verification prompts that rely on them and consider tightening any account security questions that use your DOB or address.
- No passwords were reported compromised, but if you reused your Under Armour password elsewhere, change it on those sites and enable two-factor authentication to guard against credential-stuffing follow-on attacks.
- Stay alert for targeted scams that combine your name, email, and buying habits such as fake refund, shipping, or loyalty-reward messages; verify any order or account notice by going directly to the official site rather than links in a message.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Under Armour Investigates Data Breach - Infosecurity Magazine
- Under Armour data breach claims trigger alerts for millions of users - Fox News
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →