NEWYou can now listen to Fox News articles!
Sportswear and fitness brand Under Armour is investigating claims of a massive data breach after customer records were posted on a hacker forum.
The breach became widely known after millions of people received alerts warning their information may have been compromised. While Under Armour says its investigation is ongoing, cybersecurity researchers reviewing the leaked data say it appears to include personal details potentially linked to customer purchases.
According to breach notification service Have I Been Pwned, the dataset contains email addresses linked to approximately 72 million people, prompting the organization to notify affected users directly. The scale of the exposure has raised new concerns about how consumer data can be misused long after a breach occurs.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
THIRD-PARTY BREACH EXPOSES CHATGPT ACCOUNT DETAILS
Millions of Under Armour customers were alerted after stolen account data surfaced on a hacker forum, bringing the breach into public view. (Thomas Trutschel/Photothek via Getty Images)
What happened in the Under Armour data breach
The stolen data is reportedly linked to a ransomware attack that occurred in November 2025. At the time, the Everest ransomware group claimed responsibility and attempted to extort Under Armour by threatening to leak internal files. In January 2026, customer data from that incident appeared publicly on a popular hacking forum. Soon after, breach notification service Have I Been Pwned obtained a copy of the data and alerted affected users by email. According to reports, the seller claimed the stolen files came directly from the November breach and included millions of customer records.
What data was exposed
The leaked dataset reportedly includes a broad range of personal information. While payment card details have not been confirmed, the exposed data is still valuable to cybercriminals.
Compromised information may include:
Researchers also found email addresses belonging to Under Armour employees within the data. That increases the risk of targeted phishing and business email compromise scams.
Under Armour’s response so far
“We are aware of claims that an unauthorized third party obtained certain data,” an Under Armour spokesperson told CyberGuy. “Our investigation of this issue, with the assistance of external cybersecurity experts, is ongoing. Importantly, at this time, there’s no evidence to suggest this issue affected UA.com or systems used to process payments or store customer passwords. Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded. The security of our systems and data is a top priority for UA, and we take this issue very seriously.”
Why this breach matters
Even without passwords or payment details, this breach still poses serious risks. Names, email addresses, birth dates and purchase history can be used to create highly convincing scams. Cybercriminals often reference real purchases or account details to gain trust. As a result, phishing emails tied to this breach may appear legitimate and urgent. Over time, exposed data like this can also be combined with other breaches to build detailed identity profiles that are harder to protect against.
How to check if your passwords were stolen
To see if your email was affected, visit the Have I Been Pwned website. It is the first and official source for this newly added dataset. Enter your email address to find out if your information appears in the leak. When done, come back here for Step 1 below.
Ways to stay safe after the Under Armour data breach
If you received a breach alert or believe your information may be included, taking action now can reduce your risk later.
1) Change reused passwords and use a password manager
If you reused the same password on other sites, change those passwords right away. Even if Under Armour says passwords were not affected, exposed email addresses are often used in follow-up attacks. A password manager makes this easier. It creates strong, unique passwords for each account and stores them securely. That way, one breach cannot unlock multiple accounts.
The leaked data reportedly includes email addresses, birthdates and purchase details, which can be exploited in targeted phishing scams. (Kurt “CyberGuy” Knutsson)
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
2) Watch for phishing emails tied to Under Armour
Cybercriminals often move fast after a breach. As a result, emails that appear to come from Under Armour or fitness brands may land in your inbox. Be cautious of messages that claim there is an issue with your account or a recent purchase. Do not click links or open attachments in unexpected emails. Instead, go directly to the company’s official website if you need to check your account. Using strong antivirus software can also help block malicious links and attachments before they cause harm.
ILLINOIS DHS DATA BREACH EXPOSES 700K RESIDENTS’ RECORDS
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
3) Turn on two-factor authentication everywhere you can
Two-factor authentication (2FA) adds an extra layer of protection. Even if someone gets your password, they still need a second step to log in. Turn it on for email accounts first. Then enable it for shopping, fitness and financial accounts. This single step can stop many account takeover attempts linked to breached data.
4) Monitor for password reset attempts and account alerts
After a breach, attackers often test stolen email addresses across multiple sites. That activity can trigger password reset emails you did not request. Pay close attention to these alerts. If you see one, secure the account immediately by changing the password and reviewing recent activity.
5) Be skeptical of messages that reference past purchases
This breach included purchase information, which makes scams more convincing. Attackers may reference real products or order details to earn your trust. Treat any message that pressures you to act quickly as suspicious. Legitimate companies do not demand immediate action by email or text.
6) Reduce your exposure with a data removal service
Over time, exposed personal data often ends up with data brokers. These companies collect and sell profiles that scammers use for targeting. A data removal service can help you request the deletion of your information from these databases. Reducing what is publicly available makes it harder for criminals to build detailed profiles.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
Security experts warn that even without payment data, exposed personal information can fuel fraud long after a breach is discovered. (Cheng Xin/Getty Images)
Kurt’s key takeaways
The Under Armour data breach is a reminder that even major global brands can become targets. While payment systems appear unaffected, the exposure of personal data still creates long-term risks for millions of customers. Data breaches often unfold over time. What starts as leaked records can later fuel scams, identity theft and targeted attacks. Staying alert now can reduce the chance of bigger problems later.
If your personal shopping or fitness data were exposed in a breach like this, would you keep using the brand or move on to a competitor? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
