Under Armor is investigating data breach allegations affecting 72 million people

The breach became widely known after millions of people received alerts warning that their information might have been compromised. While Under Armor says its investigation is ongoing, cybersecurity researchers reviewing the leaked data say it appears to include personal details potentially linked to customer purchases.

According to the breach notification service Have I Been Pwned, the dataset contains email addresses associated with approximately 72 million people, prompting the organization to notify affected users directly. The scale of the exposure has raised new concerns about how consumer data could be misused long after a breach occurs.

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

Third-party hack exposes CHTGPT account details

Millions of Under Armor customers were alerted after stolen account data surfaced on a hacker forum, making the breach public. (Thomas Trotschl/Photothek via Getty Images)

What happened in the Under Armor data breach?

The stolen data is said to be linked to A Ransomware attack It happened in November 2025. At that time, the Everest ransomware group claimed responsibility and attempted to blackmail Under Armor by threatening to leak internal files. In January 2026, customer data from that incident appeared publicly on a popular hacking forum. Shortly after, hack notification service Have I Been Pwned obtained a copy of the data and alerted affected users via email. According to reports, the vendor claimed that the stolen files came directly from the hack that occurred in November and included millions of customer records.

What data is disclosed

The leaked data set reportedly includes a wide range of personal information. Although payment card details are not confirmed, the exposed data is still valuable to cybercriminals.

Compromised information may include:

The researchers also found email addresses belonging to Under Armor employees within the data. This increases the risk of targeted phishing and commercial email scams.

Under Armour’s response so far

“We are aware of allegations that an unauthorized third party obtained certain data,” an Under Armor spokesperson told CyberGuy. “Our investigation into this issue, with the assistance of external cybersecurity experts, remains ongoing. Importantly, at this time, there is no evidence to suggest that this issue affected UA.com or the systems used to process payments or store customer passwords. Any suggestion that sensitive personal information of tens of millions of customers was compromised is baseless. The security of our systems and data is a top priority for UA, and we take this issue very seriously.”

Why does this violation matter?

Even without passwords or payment details, this hack still poses serious risks. Names, email addresses, dates of birth, and purchase history can be used to create very convincing scams. Cybercriminals often point to real purchases or account details to gain trust. As a result, phishing emails associated with this breach may appear legitimate and urgent. Over time, exposed data like this can also be combined with other breaches to create detailed identity profiles that are difficult to protect against.

How to check if your passwords are stolen

To find out if your email has been affected, visit the Have I Been Pwned website. This is the first and official source for the newly added dataset. Enter your email address to see if your information appeared in the leak. When you’re done, come back here for Step 1 below.

Ways to stay safe after an Under Armor data breach

If you receive a breach alert or believe your information may have been included, taking action now can reduce your risk later.

1) Change reused passwords And use a password manager

If you reuse the same password on other sites, change those passwords immediately. Even if Under Armor says passwords were not affected, exposed email addresses are often used in follow-up attacks. A password manager makes this easier. It creates strong, unique passwords for each account and stores them securely. This way, a single breach cannot open multiple accounts.

The leaked data reportedly includes email addresses, dates of birth and purchase details, which could be exploited in targeted phishing scams. (Kurt “CyberGuy” Knutson)

Next, check if your email has been exposed in previous breaches. Our #1 password manager pick has a built-in penetration scanner that checks if your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

2) Watch for Under Armour-related phishing emails

Cybercriminals often move quickly after a breach. As a result, emails that appear to come from Under Armor or fitness brands may arrive in your inbox. Be wary of messages claiming there’s a problem with your account or a recent purchase. Don’t click on links or open attachments in unexpected emails. Alternatively, go directly to the company’s official website if you need to verify your account. Using powerful antivirus software can also help block malicious links and attachments before they can cause harm.

Illinois Department of Homeland Security data breach exposes records of 700,000 residents

The best way to protect yourself from malicious links that install malware, and potentially access your private information, is to install strong antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2026 for Windows, Mac, Android, and iOS at Cyberguy.com.

3) Turn on two-factor authentication everywhere you can

Two-factor authentication (2FA) adds an extra layer of protection. Even if someone gets your password, they still need to take a second step to log in. Turn it on for email accounts first. Then enable it for shopping, fitness, and financial accounts. This single step can stop many account takeover attempts linked to compromised data.

4) Monitor password reset attempts and account alerts

After a breach, attackers often test stolen email addresses across multiple sites. This activity can result in password reset emails that you did not request. Pay close attention to these alerts. If you see one, secure the account immediately by changing the password and reviewing recent activity.

5) Be skeptical of messages referring to previous purchases

This hack included purchase information, making the scams more convincing. Attackers may refer to real products or order details to gain your trust. Treat any message that pressures you to act quickly as suspicious. Legitimate companies do not demand immediate action via email or text.

6) Reduce your exposure with a data removal service

Over time, exposed personal data often ends up in the hands of data brokers. These companies collect and sell profiles that scammers use to target. Our data removal service can help you request that your information be deleted from these databases. Reducing what is publicly available makes it difficult for criminals to create detailed profiles.

While no service can guarantee complete removal of your data from the Internet, a data removal service is truly a smart choice. It’s not cheap, and neither is your privacy. These services do all the work for you by systematically monitoring and scraping your personal information from hundreds of websites. This gives me peace of mind and has proven to be the most effective way to clear your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches to information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com.

Get a free check to see if your personal information is already on the web: Cyberguy.com.

Security experts warn that even without payment data, exposed personal information can lead to fraud long after a breach is discovered. (Cheng Xin/Getty Images)

Key takeaways for Kurt

The Under Armor data breach is a reminder that even major global brands can become targets. Although payment systems appear to be unaffected, the disclosure of personal data still creates long-term risks for millions of customers. Data breaches often unfold over time. What starts as leaked logs can later lead to fraud, identity theft, and targeted attacks. Staying alert now can reduce the chance of bigger problems later.

If your personal shopping or fitness data was exposed in a breach like this, would you continue to use the brand or move to a competitor? Let us know by writing to us at Cyberguy.com.

Click here to download the FOX NEWS app

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.