Everest Ransomware Claims Breach of Sportswear Giant Under Armour, Stealing Over 340 GB of Customer and Company Data
Published on November 18, 2025
Key Takeaways
- Ransomware claim: The Everest ransomware group has claimed to have breached Under Armour, a major American sportswear company.
- Alleged data theft: The group claims to have stolen 343 GB of data, including customer information, product records, and internal company files.
- Public demand: Everest has publicly given Under Armour a seven-day deadline to establish contact before they potentially leak the stolen data.
The Everest ransomware group has publicly claimed responsibility for a significant data breach involving the American sportswear giant, Under Armour. In a post on its dark web leak site, the threat actor alleged it exfiltrated 343 GB of sensitive data. The incident is currently based on the group's assertions, and Under Armour has not yet issued a public confirmation.
Scope of the Alleged Under Armour Data Leak
This alleged Under Armour data breach is extensive, according to the Everest ransomware group. The gang released sample data to support its claims, which reportedly includes millions of client and employee records containing:
- customer shopping histories,
- user IDs,
- email addresses,
- phone numbers,
- location data,
- email addresses,
- phone numbers,
- passport information,
- gender data,
- work and personal email details,
- detailed internal information,
- product catalog records with SKUs,
- pricing,
- availability,
- marketing campaign logs.
The combination of business intelligence and personal customer data, if verified, would constitute a severe data security incident. The threat actors have set a 7-day countdown for Under Armour to contact them via a secure messenger.
Implications and Previous Everest Activity
The Everest group has a documented history of targeting major corporations and leaking their data when ransom demands are not met. While the claims against Under Armour are pending official verification, customers are advised to remain vigilant. It is recommended to:
- Monitor their financial accounts,
- Update passwords associated with Under Armour,
- Be cautious of potential phishing emails that may leverage the news of this alleged breach.
Past victims allegedly include AT&T, the Dublin Airport, and a Coca-Cola bottling partner. Most recently, Everest claimed a Mailchimp breach in August.
What Is the Under Armour Scandal?
Under Armour in June 2024 agreed to a $434 million settlement in a 2017 class action lawsuit alleging the company lied to shareholders about its revenue growth in order to meet Wall Street forecasts.
In December 2018, a massive data breach hit 16 websites, resulting in the theft of over 617 million accounts from companies including Under Armour, MyHeritage, Whitepages, and Armor Games.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular