Data leak: 72 million records from Under Armour leaked

The Have-I-Been-Pwned project (HIBP) has added 72.7 million records from the clothing brand Under Armour to its data pool. These fell into the wrong hands last fall during a ransomware gang's intrusion into the company.

HIBP operator Troy Hunt has now announced on the Have-I-Been-Pwned website. In November, the cyber gang Everest claimed to have penetrated Under Armour's IT systems and stolen data. They then extorted Under Armour for ransom, with a deadline of seven days. Under Armour apparently let this pass without a response. In January, customer data from the IT incident appeared in a well-known underground internet forum.

Extensive customer data leaked

The dataset was allegedly 343 GB in size. According to a report on X, the unpacked 19.5 GB dataset from the underground forum contained 72.7 million email addresses and a total of over 191 million entries, spread across multiple files. “Many entries also included personal information such as names, dates of birth, gender, geographic location, and information about purchases made,” Hunt writes in his summary.

This data can be misused by malicious actors for more targeted, tailored phishing. Customers should exercise particular caution with messages or emails related to Under Armour, especially if they create a sense of urgency. Under Armour has not yet publicly commented on the IT incident.

Last fall, the cyber gang Everest also infiltrated Collins Aerospace's passenger processing system, “MUSE,” and exfiltrated data. This subsequently led to disruptions to air traffic at several European airports. The online criminals claimed to have gained access through doors that had been left open for years: the FTP server was publicly accessible, and the login credentials had already been stolen by an infostealer in 2022 -- meaning they had already ended up in underground data dumps.

(dmk)