Everest Ransomware Alleges Major Data Breach Targeting Under Armour

The Everest ransomware group is alleging responsibility for a significant cybersecurity breach involving Under Armour, potentially exposing the data of millions of customers worldwide. 

According to statements published on the group’s dark web leak site, the attackers claim to have exfiltrated approximately 343 GB of internal company information, customer data, and employee records. 

While these claims have not yet been verified by Under Armour, the volume and nature of the sample data released by the group suggest that the incident, if confirmed, could pose serious privacy and security risks.

Sensitive Data Potentially Exposed

Everest asserts that the compromised data includes personal information belonging to customers across various countries, as well as internal product and business records. 

Early samples posted online appear to contain customer shopping histories, email addresses, phone numbers, purchase timestamps, product identifiers, pricing data, quantity details, store preferences, regional location data, marketing logs, and deep-link tracking metadata. 

This information can reveal insights into user behavior, brand engagement, and transactional patterns.

The leak also reportedly includes comprehensive product catalog information. 

This data appears tied to a marketing, personalization, or product-registration system due to its inclusion of stock-keeping units (SKUs), product names, types, categories, sizes, colors, availability metrics, ratings, and multilingual descriptions. 

In some cases, these entries were directly associated with customer accounts.

Additionally, the published records contain customer profile data, including first names, language preferences, consent statuses, and service request timestamps. 

When combined with the commercial metadata, the breach could offer cybercriminals both granular product-level intelligence and detailed personal information about individual customers. 

Such data, if authentic, increases risks related to identity theft, targeted phishing, and fraudulent activity.

Seven-Day Ultimatum From Everest

The Everest group has issued a seven-day deadline for Under Armour to establish contact through Tox messenger, a privacy-focused communication tool frequently used by cybercriminal organizations. 

A countdown timer on the group’s leak site warns that failure to respond within the given timeframe may result in the full release of the stolen data.

Everest has previously demonstrated a willingness to publish breached information when negotiations fail. 

Prior incidents attributed to the group include unauthorized disclosures involving AT&T’s carrier website database, more than 1.5 million Dublin Airport passenger records, and internal Coca-Cola employee information. 

What Under Armour Customers Should Do Now

As of now, the breach remains unconfirmed by Under Armour. 

Hackread reports that Under Armour has been contacted for comment, but no official statement has been issued at the time of writing. 

Until confirmation is provided, the allegations should be treated cautiously; however, the potential risks to consumers are significant enough to warrant proactive steps.

Customers who have interacted with Under Armour — whether through online purchases, app usage, product registration, or marketing subscriptions — should closely monitor account activity. 

Additional recommended steps include changing passwords, enabling two-factor authentication (2FA) wherever possible, reviewing bank and credit card statements for suspicious charges, and remaining alert to unsolicited emails referencing the company. 

Following large-scale data incidents, threat actors frequently exploit public concern by sending phishing messages disguised as breach notifications or customer-support outreach.

The claims made by the Everest ransomware gang represent a potentially serious cybersecurity event for Under Armour and its customers. 

While confirmation is still pending, the breadth of data described — spanning personal information, commercial intelligence, and internal business records — suggests potential meaningful risks if the breach is verified. 

Potential incidents like this highlight why organizations are increasingly turning to zero-trust security to reduce the impact of breaches and limit how far attackers can move within their networks.