SYS::ONLINE
Wasteland.
Briefs1161
Issues19
SinceFeb 2026
LIVE
▣ Breach UNDER-ARMOUR-72M 2026-07-13

Under Armour: 72 Million Customer Records Surface in Alleged Data Leak

"Under Armour is investigating claims that data tied to tens of millions of customer accounts has leaked online, after a dataset containing roughly 72 million email addresses surfaced on a hacking forum and was…"

Under Armour is investigating claims that data tied to tens of millions of customer accounts has leaked online, after a dataset containing roughly 72 million email addresses surfaced on a hacking forum and was subsequently added to the breach-notification service Have I Been Pwned. The company has acknowledged it is aware of claims that an unauthorized third party obtained certain data, but has not fully confirmed the attackers' claims and says its investigation with outside cybersecurity experts is ongoing.

What Happened

The claim centers on a dataset that first appeared on a hacking forum and was later ingested into Have I Been Pwned, the breach-notification service run by security researcher Troy Hunt. According to Have I Been Pwned, the incident involves approximately 72 million email addresses, with many records also containing names, dates of birth, genders, geographic locations, and purchase information.

Under Armour confirmed to TechCrunch that it was aware of claims that an unauthorized third party obtained certain data and that its investigation was ongoing. Crucially, the company stated it had no evidence at the time that UA.com, its payment-processing systems, or its password-storage systems were affected. The Associated Press reported that the breach is believed to have occurred in late 2025, aligning with the roughly 72 million affected email addresses cited by Have I Been Pwned.

What Was Taken

The reported dataset includes 72 million email addresses. Many of those records reportedly also include full names, dates of birth, gender, geographic information such as ZIP codes, and purchase history. Some reports referenced additional customer profile or transaction-related details, though Under Armour has pushed back on suggestions that highly sensitive information was compromised at a massive scale.

The distinction between what allegedly leaked and what remains unconfirmed is central to assessing the risk. Under Armour has stated there is no evidence that passwords or financial data were compromised. A leak of emails, names, birthdays, gender, geographic data, and purchase history is dangerous, but it is materially different from a confirmed exposure of passwords, credit card numbers, or bank details. As of this writing, the most sensitive categories have not been confirmed as exposed.

Why It Matters

Some observers dismiss email leaks on the grounds that email addresses are already widely shared. That is a mistake. An email address tied to a specific brand account is more valuable to criminals precisely because it confirms the person has, or had, an Under Armour account. That confirmation transforms a generic address into a targeting anchor.

Combined with names, dates of birth, gender, geographic data, and purchase history, this dataset provides everything an attacker needs to build convincing, personalized social-engineering campaigns. It can fuel phishing, scams, impersonation, credential-stuffing attempts, and targeted fraud. Purchase history in particular allows criminals to reference real orders, deliveries, and loyalty activity, dramatically raising the credibility of a fraudulent message. For enterprise defenders, incidents like this expand the raw material available for downstream attacks against both consumers and the brands being impersonated.

The Attack Technique

The precise intrusion method has not been publicly disclosed, and Under Armour's investigation remains ongoing. What is known is that the dataset surfaced on a hacking forum before being cataloged by Have I Been Pwned, a common distribution pattern in which stolen or scraped data is posted, sold, or leaked to build reputation within criminal communities.

Under Armour's early statements indicate the exposure did not stem from its UA.com storefront, payment-processing systems, or password-storage systems, which points investigators toward alternative sources such as an ancillary system, a third-party service, or a historical data store. Until the company completes its forensic review, the root cause, timeline, and full scope should be treated as unconfirmed. The late-2025 timeframe cited by the Associated Press suggests the data may have been held or circulated for a period before publicly surfacing.

What Organizations Should Do

Sources: Under Armour Probes Massive Leak Claim After 72 Million Customer Records Surface Online - AMOverview