Under Armour Data Breach 2025:
What You Need to Know
Approximately 72 million Under Armour customer records were exposed after the Everest ransomware group breached the apparel retailer. Here is what happened, what data was leaked, and steps you can take to protect yourself.
Your personal risk from this breach
Sign in or create a free account to see your personalised risk score.
What Happened
How the Under Armour Breach Unfolded
Early November 2025
The Everest ransomware group claimed an attack on Under Armour via its dark-web leak site, listing the apparel retailer among its victims and threatening to publish stolen customer data if a ransom was not paid. Under Armour was notified and began an internal investigation.
Mid-November 2025
Under Armour publicly confirmed the breach, disclosing that approximately 72 million customer records had been accessed. The company stated it would not pay the ransom and engaged external incident response specialists. Affected records included names, email addresses, dates of birth, genders, location data, and purchase information.
Not sure if you received a notification? Affected customers received an email from Under Armour referencing the incident and outlining the categories of data that may have been exposed.
Late November 2025
Have I Been Pwned imported the dataset, allowing customers to check whether their email address appeared in the leaked records. Affected customers continued to receive direct notification emails from Under Armour throughout late November.
Sources: Have I Been Pwned, Under Armour corporate communications
What Was Exposed
Personal Data Leaked in the Breach
The amount of data exposed varies between customers. According to Under Armour, all affected accounts had names and email addresses exposed, while a subset also had additional personal details including date of birth, gender, location data, and purchase history leaked.
| Data Type | Risk Level | Who Was Affected |
|---|---|---|
| Full name | High | All approximately 72 million affected customers |
| Email address | High | All approximately 72 million affected customers |
| Date of birth | High | Subset of affected customers |
| Gender | Low | Subset of affected customers |
| Location (city/region) | Medium | Subset of affected customers (derived from billing address) |
| Purchase information | Medium | Subset of affected customers (order history, product preferences) |
Risk levels based on the OAIC: What is personal information? and OAIC Australian Privacy Principles. Identity-linked data (name, date of birth, location) is rated higher due to its potential use in identity fraud and targeted phishing.
✅ Confirmed NOT Exposed
Under Armour confirmed that full credit card numbers (PANs), CVV values, and account passwords were not stored in the affected system. Under Armour has historically used bcrypt to hash credentials. Note: Under Armour's 2018 MyFitnessPal breach did expose hashed passwords, but that is a separate incident from the 2025 breach.
Company Response
What Under Armour Did
“We take the protection of our customers' information seriously and are working with leading cybersecurity experts to investigate and respond to this incident.”
Actions Taken by Under Armour
- Refused to pay the ransom demanded by the Everest ransomware group
- Engaged external incident response and forensic specialists
- Notified relevant regulators including data protection authorities in affected jurisdictions
- Began direct email notifications to affected customers in mid-November 2025
- Reviewed and strengthened internal access controls and monitoring
- Provided customer guidance on phishing awareness and account security
What Now?
Steps You Can Take After the Under Armour Breach
Even though no passwords or full payment details were exposed, the combination of name email date of birth and location gives scammers enough information to craft convincing impersonation attempts. Here are general best-practice steps, organised by the types of accounts most commonly affected.
Under Armour and Fitness Retail Accounts
Many customers use the same email across MyFitnessPal, SHOP UA, and MapMyRun. Credential overlap is common.
Secure your Under Armour and related fitness accounts
~10 minReview other fitness and loyalty accounts
Email and Digital Identity
Your email is the key to your digital identity. Securing it is a sensible first step.
Strengthen email security
~5 minUnderstand your full account exposure
Identity Protection
Name + date of birth + location is commonly used in identity verification by financial institutions.
Consider a credit ban (especially if your date of birth and location were exposed)
~20 minWatch for targeted phishing referencing your purchases
~5 minMonitoring and Reporting
Australian, US, and EU resources for breach response and identity protection.
Contact IDCare (AU), FTC (US), or your national DPA (EU)
Report scams referencing the breach
Not sure which of your accounts are affected?
In The Event Of discovers your accounts automatically and alerts you in real time when new breaches affect your data.
Are You Still at Risk?
The Hidden Danger: Compound Breach Exposure
The Under Armour breach did not happen in isolation. If your data also appeared in other major breaches, the combination of leaked information can build a more complete identity profile that scammers and fraudsters can exploit.
How breach data compounds
On its own, the Under Armour breach exposed names, emails, dates of birth, locations, and purchase information. But if your email also appeared in the 2018 MyFitnessPal breach (a sister brand), the Ticketmaster 2024 breach, or the LinkedIn 2021 scrape, the combined data set may include hashed passwords, partial billing details, and professional history. This kind of compound exposure significantly increases the risk of identity fraud and targeted phishing.
- MyFitnessPal (2018)150M records - email, hashed password (Under Armour sister brand)
- Ticketmaster (2024)560M records - name, address, partial billing details
- LinkedIn (2021)700M records - name, phone, employer information
- MOAB (2024)26B aggregated credentials from prior breaches
If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.
Frequently Asked Questions
Under Armour Breach FAQ
Other Major Australian Data Breaches
Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.
NYC Health + Hospitals Data Breach 2026
~1.8M records exposed
Australian Courts Data Breach 2026
Thousands of files records exposed
youX Data Breach 2026
~444K records exposed
Prosura Data Breach 2026
300K-500K records exposed
Canvas (Instructure) Data Breach 2026
~275M (claimed) records exposed
Booking.com Data Breach 2026
Undisclosed records exposed
McGraw Hill Data Breach 2026
13.5M records exposed
Crunchyroll Data Breach 2026
Undisclosed records exposed
Eurail Data Breach 2026
300K+ records exposed
Basic-Fit Data Breach 2026
1M records exposed
Salesforce (ShinyHunters) Data Breach 2025
~1B records exposed
Allianz Life Data Breach 2025
2.8M records exposed
Workday Data Breach 2025
Undisclosed records exposed
Western Sydney University Data Breach 2025
10K records exposed
Genea Fertility Data Breach 2025
940K records exposed
DeepSeek Data Breach 2025
1M records exposed
Tangerine Telecom Data Breach 2024
232K records exposed
Australian Clinical Labs Data Breach 2022
223K records exposed
Qantas Data Breach 2025
5.7M records exposed
Optus Data Breach 2022
9.8M records exposed
Medibank Data Breach 2022
9.7M records exposed
Latitude Financial Data Breach 2023
14M records exposed
MyDeal (Woolworths) Data Breach 2022
2.2M records exposed
Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. The information is based on publicly available sources at the time of writing and may not reflect the most current developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with Under Armour, Inc. If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.