Overview
- Have I Been Pwned obtained leaked files and emailed notifications to roughly 72.7 million accounts, citing exposed names, email addresses, dates of birth, genders, approximate locations and purchase information.
- A seller’s sample reviewed by TechCrunch matched HIBP’s data types and appeared to include millions of purchase records plus numerous Under Armour employee email addresses.
- Under Armour says it is investigating with external cybersecurity experts, reports no evidence of impact to UA.com, payment processing or stored passwords, and disputes that sensitive personal information for tens of millions was compromised.
- The Everest ransomware group claimed a November 2025 intrusion and about 343GB of data, with files posted to a cybercrime forum on January 18 and copies now circulating across hacker sites, according to multiple reports.
- A proposed class action has been filed alleging negligence and delayed notification, while security experts warn affected customers about elevated phishing and social‑engineering risks.