If you thought your Under Armour account was just about tracking workouts or scoring deals on running shorts, think again. In late 2025, while most folks were recovering from holiday hangovers, ransomware group Everest was busy rifling through the data vaults of Under Armour. Fast forward to January 2026, and the company sheepishly admitted that, yes, they let the private information of close to 73 million customers waltz onto the dark web. It’s equal parts shocking and depressingly familiar, given how often this sort of thing happens. This isn’t exactly uncharted territory for mega-brands—but the size and silence in the aftermath? That’s what’s raising eyebrows.
The Recipe for a Perfect Security Disaster
Let’s break down exactly what Everest snatched and then dumped online. The main takeaway: the trove included email addresses, names, genders, dates of birth, and ZIP codes—an irresistible starter pack for scammers, spammers, and anyone who gets a kick out of phishing for fools. Not “sensitive” financial data, Under Armour says, as if that’s supposed to make you sleep better. Don’t be reassured—the files got more personal than you’d want to admit: some lucky winners even had their phone numbers, purchase histories, and street addresses included for good measure.
The irony? Under Armour’s official line went something like, “Nothing to see here, especially nothing involving passwords or payment systems.” Translation: Sure, your identity just became an open buffet, but your credit card information might (maybe) be safe. As if hackers only care about digits on a Visa.
The Silence Was Deafening
Here’s where things get juicy. Have I Been Pwned—the site single-handedly responsible for making millions of people nervously search their email addresses every month—blew the whistle first. And Troy Hunt, the site’s founder, was left baffled. Why hadn’t Under Armour said a word, especially when companies twice as small often bend over backward to shout “breach” at the faintest whiff of trouble? Most brands can’t wait to tell you how sorry they are when your data gets dumped. Not Under Armour; they waited until outsiders forced their hand.
This isn’t just about brand reputation management or PR-based denial. It’s the cold, hard fact that if no one had asked, you’d still be none the wiser—while scammers prepped emails that sound alarmingly accurate about your last shoe purchase and new zip code.
Ransom, Leaks, and an Internet Full of Risk
Let’s talk about the Everest ransomware group. They went through the usual routine: sneak in, scoop up data, demand ransom, and when Under Armour refused to pay, they dumped everything online. 343GB of company secrets. No, not all your data was in there, but enough to keep millions awake at night. Congratulations to the handful who still believed their "MyFitnessPal"-linked account was somehow immune.
Now, you’re probably going to see a spike in phishing emails, scam calls, and maybe even fake athletic-wear discounts in your inbox. Cybersecurity folks echo what’s become a depressingly standard warning: “Be vigilant.” In other words, you’re on your own.
- Don’t click on suspicious links. Ever.
- Assume unsolicited calls referencing Under Armour are scammers.
- Consider monitoring your credit reports—just in case someone thinks your 2012 sweatband purchase qualifies you for a new credit line.
Legal Pressure Mounts as Customers Get Angry
Cue the lawsuits. Within days, lawyers smelling blood (or at least another billable case) filed a class-action suit. Customers claim Under Armour did less than the bare minimum to protect their personal information. They’ve also got a beef with just how long the company sat on its hands before telling anyone. The courts will now get to rake over what "appropriate safeguards" actually mean for a brand used by millions who probably thought privacy controls meant something.
Wall Street Yawns, Then Blinks
All this drama, and what does the stock market do? Basically nothing. Under Armour shares have bobbed around, unaffected by the world learning the company let a ransomware outfit stroll through its records. For all the noise about data breaches tanking companies, investors have learned to shrug off this mess unless financial data—or deep corporate rot—gets exposed.
Here’s a fun fact for you: as of January 24, Under Armour’s stock is just over six bucks, barely blinking beyond its 89-cent uptick, as if Wall Street already priced in "breaches happen." That’s institutional apathy in the face of your risk.
This Isn’t Getting Better… for Anyone
Some folks at Under Armour want you to believe they’ve got this under control. Maybe they do. Maybe they don’t. But let’s not kid ourselves: when a company waits to admit it’s lost control of tens of millions of customer records—and only fesses up because cybersecurity watchdogs drag it into the public eye—it’s a red flag that trust and transparency still come last. No amount of breezy statements about payment processor security can cover up the sense that, really, companies hope you never notice these "minor" leaks.
You’d think, by now, major retailers would know that a breach at this scale isn’t just another line in a quarterly report. It’s a wake-up call—except no one seems keen to hear it. If you’re one of the lucky 72,742,892, join the club: try some credit monitoring, check your inbox for sketchy emails, and maybe rethink how much of your data you actually want floating in the cloud. Under Armour might survive the news cycle. Whether you and your identity do the same is another story.
