Under Armor data breach claims trigger alerts for millions of users

Sportswear and fitness brand Under Armor is investigating allegations of a massive data breach after customer records were posted on a hacker forum.

The breach became widely known after millions of people received alerts warning that their information may have been compromised. While Under Armor says its investigation is ongoing, cybersecurity researchers reviewing the leaked data say it appears to include personal details potentially linked to customer purchases.

According to breach reporting service Have I Been Pwned, the dataset contains email addresses linked to approximately 72 million people, prompting the organization to directly notify affected users. The magnitude of the exposure has raised new concerns about how consumer data can be misused long after a breach occurs.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS

What happened in the Under Armor data breach?

The stolen data is reportedly linked to a ransomware attack that occurred in November 2025. At the time, the Everest ransomware group claimed responsibility and attempted to extort Under Armor by threatening to leak internal files. In January 2026, customer data related to that incident appeared publicly on a popular hacking forum. Shortly afterward, breach reporting service Have I Been Pwned obtained a copy of the data and alerted affected users via email. The vendor reportedly claimed that the stolen files came directly from the November breach and included millions of customer records.

What data was exposed?

The leaked data set reportedly includes a wide range of personal information. While payment card details have not been confirmed, the exposed data is still valuable to cybercriminals.

Compromised information may include:

• Names
• Email addresses
• dates of birth
• Genres
• Approximate location by postal code or postal code
• Purchase history

Researchers also found email addresses belonging to Under Armor employees within the data. That increases the risk of spear phishing and business email compromise scams.

Under Armor’s response so far

“We are aware of claims that an unauthorized third party obtained certain data,” an Under Armor spokesperson told CyberGuy. “Our investigation into this issue, with the assistance of outside cybersecurity experts, is ongoing. Importantly, at this time, there is no evidence to suggest that this issue affected UA.com or the systems used to process payments or store customer passwords. Any implication that the sensitive personal information of tens of millions of customers has been compromised is unfounded. The security of our systems and data is a top priority for UA, and we take this issue very seriously.”

Why is this violation important?

Even without passwords or payment details, this breach still poses serious risks. Names, email addresses, dates of birth, and purchase history can be used to create very convincing scams. Cybercriminals often reference real purchases or account details to gain trust. As a result, phishing emails related to this breach may appear legitimate and urgent. Over time, exposed data like this can also be combined with other breaches to create detailed identity profiles that are more difficult to protect against.

How to check if your passwords have been stolen

To see if your email was affected, visit the Have I Been Pwned website. It is the first and official source of this newly added data set. Enter your email address to see if your information appears in the leak. When you’re done, come back here for Step 1 below.

Ways to stay safe after the Under Armor data breach

If you received a breach alert or believe your information may be included, taking action now can reduce your risk in the future.

1) Change reused passwords and use a password manager

If you reused the same password on other sites, change it immediately. Even if Under Armor says passwords were not affected, exposed email addresses are often used in subsequent attacks. A password manager makes it easier. Create strong, unique passwords for each account and store them securely. That way, one breach cannot unlock multiple accounts.

Next, check to see if your email has been exposed in previous breaches. Our #1 pick for password manager includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

2) Be on the lookout for phishing emails linked to Under Armor

Cybercriminals often act quickly after a breach. As a result, emails that appear to come from Under Armor or fitness brands may arrive in your inbox. Be wary of messages claiming there is a problem with your account or a recent purchase. Don’t click on links or open attachments in unexpected emails. Instead, go directly to the company’s official website if you need to check your account. Using powerful antivirus software can also help block malicious links and attachments before they cause damage.

ILLINOIS DHS DATA BREACH EXPOSES RECORDS OF 700,000 RESIDENTS

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2026 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

3) Activate two-factor authentication everywhere you can

Two-factor authentication (2FA) adds an extra layer of protection. Even if someone gets your password, they still need a second step to log in. Activate it first for email accounts. Then enable it for shopping, fitness, and financial accounts. This single step can stop many account takeover attempts linked to compromised data.

4) Monitor password reset attempts and account alerts

After a breach, attackers often test stolen email addresses on multiple sites. That activity may result in password reset emails that you did not request. Pay close attention to these alerts. If you see one, protect the account immediately by changing the password and reviewing recent activity.

5) Be skeptical of messages that reference past purchases

This breach included purchase information, making the scams more convincing. Attackers can reference real products or order details to gain your trust. Treat any message that pressures you to act quickly as suspicious. Legitimate companies do not demand immediate action via email or text message.

6) Reduce your exposure with a data deletion service

Over time, exposed personal data often ends up in the hands of data brokers. These companies collect and sell profiles that are targeted by scammers. A data deletion service can help you request removal of your information from these databases. Reducing what is publicly available makes it more difficult for criminals to create detailed profiles.

While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.

Kurt’s Key Takeaways

The Under Armor data breach is a reminder that even major global brands can become targets. While payment systems do not appear to be affected, the exposure of personal data still creates long-term risks for millions of customers. Data breaches often develop over time. What begins as leaked records can later fuel scams, identity theft, and targeted attacks. Staying alert now can reduce the chance of bigger problems in the future.

If your personal shopping or fitness data were exposed in a breach like this, would you continue using the brand or move to a competitor? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE News APP

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams , free if you join me CYBERGUY.COM information sheet.

Copyright 2026 CyberGuy.com. All rights reserved.