A massive data breach involving Under Armour has exposed the personal information of millions of customers, after stolen records were shared online by a cybercriminal. The breach became widely known this week after breach notification service Have I Been Pwned obtained a copy of the stolen data and alerted around 72 million people by email that their information had been compromised. The data was posted to a hacker forum. The seller told TechCrunch that the data came from a cyberattack that took place in November. At the time, the Everest ransomware gang claimed responsibility for the attack in a post on its dark web leak site.
Have I Been Pwned said the leaked Under Armour data includes customer names, email addresses, gender, dates of birth, and approximate locations based on ZIP code or postal code. The dataset also contains information related to customer purchases. The data also contains large numbers of email addresses belonging to Under Armour employees.
Under Armour confirmed it is aware of the claims and said it is investigating the matter. “Our investigation of this issue, with the assistance of external cybersecurity experts, is ongoing. Importantly, at this time, there’s no evidence to suggest this issue affected UA.com or systems used to process payments or store customer passwords,” Under Armour spokesperson Matt Dornic told TechCrunch.
Also read: Meta tries to limit evidence in child safety trial: Here’s what happened
Dornic also said, “What we know at this time is the number of affected customers with any sort of information that could be considered sensitive is a very small percentage.” The company did not explain what types of data it considers to be “sensitive,” nor did it provide a clear number of customers affected by the breach.
“Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded,” the spokesperson said.
Under Armour has not said whether it plans to notify customers whose data was exposed. The company also did not confirm whether it has been contacted by the hackers or received any ransom demands.