Nike is checking for a possible cyberattack
A ransomware gang claims to have stolen data from Nike. The company is investigating the incident. Allegedly, design prototypes were also stolen.
(Image: Gorodenkoff/Shutterstock.com)
Nike is investigating a potential data breach after the extortion group WorldLeaks claimed to have stolen and partially published a massive amount of internal data from the US sports apparel manufacturer. Personal and business data are said to have been stolen in the cyberattack.
"We take the privacy of our customers and data security very seriously at all times," Nike said in a statement on Monday. "We are investigating a potential cybersecurity incident and are actively assessing the situation."
The cyberattack became known on January 22. The ransomware group WorldLeaks is said to be responsible. It systematically steals data using compromised websites, phishing emails, and unsecured VPN access to extort companies. More than 100 companies are said to have already fallen victim to the group, including computer manufacturer Dell. The group is said to be a rebranding of Hunters International, a ransomware gang active since 2023.
Design prototypes compromised?
World Leaks stated that it has published 1.4 terabytes (TB) of data related to Nike's business activities. In a list, which the web portal The Register has seen, the cybercrime group claims to have stolen 188,347 files from the company's systems. The published file names suggested design and manufacturing processes rather than customer databases, The Register further reported. Examples include directories labeled "Women's Sportswear," "Men's Sportswear," "Training Resource – Factory," and "Garment Making Process." This indicates files from the areas of product development and production processes. So far, there are no indications that customer or employee data are affected.
Videos by heise
However, no company likes to lose internal information such as designs, training materials, and process documentation. According to the online portal it-daily, the stolen information includes details about the planned SP27 collection of the Nike brand Jordan Brand. WorldLeaks is said to have gained access to technical product specifications, material lists, as well as design drafts and prototypes from various product cycles. Furthermore, sensitive information about manufacturing is said to have been compromised, including documents on quality checks in production facilities, supplier information, and documentation on manufacturing processes.
Sports apparel manufacturers particularly vulnerable
According to The Register, "the complex global supply chains and the constant stream of new designs that move back and forth between partners" make fashion and sportswear companies a popular target for cybercriminals. They do not need to steal customer databases to cause damage.
Recently, another US sports apparel company fell victim to a cyberattack. A ransomware gang infiltrated Under Armour and stole massive amounts of data. Last week, 72.7 million data records appeared on Have I Been Pwned, including names, email addresses, dates of birth, gender, geographic locations, and purchase information.
(akn)
