Everest claims massive Under Armour breach “millions of personal records” and 343GB of internal documents stolen

18.11.2025 2 minutes Author: Newsman

The ransomware group Everest claims to have breached Under Armour, stealing millions of customer records and 343GB of internal company data. Under Armour has not yet confirmed the attack.

The Everest ransomware gang posted on its dark-web leak site that it had compromised Under Armour, the global activewear and footwear brand with 2025 revenues of $5.1 billion.

The hackers claim to have exfiltrated “millions of personal data from different countries,” along with 343GB of internal documents, including:

  • customer PII;

  • detailed purchase histories (prices, quantities, returns, shipping status);

  • subscriber home addresses, emails, genders, countries;

  • employee personal and work data (emails, addresses, teams, office locations).

A countdown clock on the leak page urges Under Armour to contact the group before the timer expires.

Cybernews reviewed the database schema samples provided by Everest. No credit card data was found, but the leaked fields contain extensive identity information that could facilitate:

  • phishing and social engineering;
  • identity theft;
  • account hijacking;
  • targeted attacks on employees and customers.

Under Armour has not yet issued a statement regarding the alleged breach.

Everest is one of the fastest-growing ransomware groups. According to Ransomlooker, the gang has listed over 250 victims since 2023, including more than 100 in the past year.

Notable attacks attributed to Everest include:

  • Collins Aerospace — impacting the MUSE check-in system across Europe;

  • threats involving Dublin Airport passenger data;

  • claimed breach of BMW and a subsidiary of DZ Bank;

  • attacks across the Middle East (Coca-Cola Middle East, Jordan Kuwait Bank, Abu Dhabi Department of Culture and Tourism);

  • US-based Pacific HealthWorks, Crumbl cookie chain, Mailchimp, and Radisson Country Inn & Suites.

The group is believed to maintain ties with the BlackByte ransomware operation.

If confirmed, the Under Armour breach could be one of the most extensive retail-sector data exposures in recent years. The publication of database structures and a timed extortion message suggests substantial data theft. Customers and employees should remain alert to phishing attempts and fraudulent communications, while the company may soon face the public release of stolen data.

Subscribe
Notify of
0 Коментарі
Oldest
Newest Most Voted
Other related articles
Found an error?
If you find an error, take a screenshot and send it to the bot.