UnderArmour
underarmour.com
About This Breach
Under Armour, an American sportswear and athletic apparel brand, was claimed as a victim by the Everest ransomware group in November 2025 in an attempted extortion alleging access to 343GB of data. Customer data from the incident was later published publicly in January 2026, exposing 73M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information.
Data Exposed
Breach Details
| Breach Type | Data Breach |
| Searchable | Yes |
| Verified | Yes |
| Sensitive Data | No |
| Reference | No reference available |
Frequently Asked Questions
When did the UnderArmour data breach happen?
UnderArmour was breached in Nov 2025. The breach was added to the XposedOrNot index on February 14, 2026.
How many records were exposed in the UnderArmour breach?
73,065,604 records were exposed, making it the #34 largest of the 763 breaches in our index.
What data was exposed in the UnderArmour breach?
The exposed data includes: Email addresses, Names, Genders, Geographic locations, Dates of birth.
What should I do if I was affected by the UnderArmour breach?
Change your password on the affected service (and anywhere you reused it), turn on two-factor authentication, and set up free breach alerts on XposedOrNot so you know the moment your email appears in a new breach.
What Should You Do?
Enable Two-Factor Authentication
Add 2FA on all supported accounts using an authenticator app like Google Authenticator or Authy.
Monitor Your Accounts
Set up login alerts and review account activity regularly for suspicious access.