Everest ransomware gang said to be sitting on mountain of Under Armour data

Steven

Everest ransomware gang said to be sitting on mountain of Under Armour data

Summary

Have I Been Pwned (HIBP) says 72.7 million accounts registered with Under Armour were affected by an alleged ransomware incident that occurred in November. Files reportedly leaked by an alleged member of the Everest gang were posted to a cybercrime forum on 18 January and ingested by HIBP.

HIBP confirms leaked fields include names, email addresses, dates of birth, gender, geographic locations and previous purchase details. Everest claims the leak also contains phone numbers, physical addresses, loyalty programme details and preferred stores. Under Armour has not publicly acknowledged the incident and did not respond to enquiries.

A proposed class action lawsuit has been filed on behalf of an Under Armour customer. Everest — active since 2020 — has a history of high-profile claims and reportedly runs multiple revenue streams including double extortion, network access brokerage and insider recruitment.

Key Points

  • Have I Been Pwned reports 72.7 million Under Armour customer accounts allegedly affected.
  • Confirmed leaked data: names, email addresses, dates of birth, genders, geographic locations and purchase history.
  • Everest claims additional personal details were included, such as phone numbers, addresses and loyalty programme data.
  • Files were posted to a cybercrime forum on 18 January by an alleged Everest member.
  • Under Armour has not acknowledged the breach or answered media queries.
  • A proposed class action lawsuit has been filed by an Under Armour customer following the initial leak.
  • Everest is a long-running ransomware group (since 2020) with multiple monetisation methods and a history of high-profile claims.

Context and Relevance

This is a large-scale consumer data exposure affecting tens of millions of customers — the sort of incident that increases risks of identity theft, phishing and targeted fraud. It also highlights ongoing trends: persistent ransomware gangs using data-leak pressure, diversification of criminal revenue streams (including network brokering and insider recruitment), and delays or silence from breached organisations that leave customers uncertain.

Organisations should take note for vendor/supply-chain risk assessments; consumers should check Have I Been Pwned and consider password changes, multi-factor authentication and monitoring of financial accounts.

Author style

Punchy: Big number, big consequences. If you’re responsible for customer data, this is a wake-up call — read the detail and check your incident and communications plans. If you’re a customer, this story tells you what might be exposed and what to do next.

Why should I read this?

Short and blunt: if you or your customers have Under Armour accounts, this could matter to you. It’s not just another headline — 72.7 million records is huge. Read it to know what was leaked, whether you might be affected, and what steps to take fast.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2026/01/21/under_armour_everest/