The recent ransomware attack on Under Armour is a sharp reminder of just how exposed that trust can be.
In January 2026, cyber security researchers confirmed that data linked to Under Armour customers had begun appearing on dark web forums. The leak followed a ransomware attack carried out several months earlier by a group known as Everest. When negotiations reportedly failed, the attackers started publishing what they claimed was stolen company data, including information connected to millions of customers worldwide.
The scale of the incident is what makes it particularly unsettling. More than 72 million customer records are believed to be affected, a figure that exceeds the population of the UK. While not every record contains the same depth of detail, the dataset reportedly includes email addresses, names and other personal attributes linked to Under Armour accounts.
Under Armour has acknowledged the incident and says it is working with external cyber security specialists to investigate what happened. The company has stated that it does not believe payment card information or account passwords were exposed. Even so, cyber security experts warn that the data involved is still highly valuable to criminals when combined with information from other breaches.
Stolen data is rarely used in isolation. Personal details can be stitched together to create convincing, targeted attacks that are far harder to spot than generic scams.
In practical terms, exposed information can be used for:
Even limited datasets can significantly increase risk when combined with information from previous breaches.
The Everest ransomware group is known for using a double-extortion tactic. Rather than simply encrypting systems and demanding payment, they also threaten to release stolen data publicly if negotiations fail.
This approach places organisations under immense pressure, particularly when customer trust, regulatory expectations and reputational damage are all at stake. In this case, portions of the leaked data have already been indexed by breach notification services, meaning many customers may only now be discovering their exposure.
Legal and reputational consequences are beginning to follow. Reports indicate that class action lawsuits have been filed in the United States, alleging failures to adequately protect customer information. Whether those claims succeed remains to be seen, but the incident highlights a reality many consumers would rather ignore: even well-known global brands are vulnerable.
For organisations, incidents like this can trigger regulatory scrutiny, customer complaints and long-term erosion of trust, regardless of whether financial data was directly compromised.
For affected customers, the response should be calm but proactive. Anyone who has ever created an Under Armour account should assume their email address may now be known to cybercriminals.
Passwords reused elsewhere should be changed, two-factor authentication enabled where possible, and extra caution applied to emails or messages claiming to be from the company. Phishing attempts often increase in the months following a high-profile breach.
Beyond the immediate steps, the breach carries a broader lesson. Large-scale cyber incidents force us to reconsider how much information we share with organisations and how long it is stored.
Every account created and every optional field completed adds to a digital footprint that can one day be exposed. Data minimisation, retention controls and clear accountability are not just compliance issues, but trust issues.
The Under Armour ransomware incident is not just a cyber security story. It is a reminder that data is personal, trust is fragile, and the cost of digital convenience can be far higher than we expect.
As ransomware groups continue to evolve their tactics, organisations must recognise that cyber security is no longer solely an IT issue. It is a core business risk that demands ongoing attention, clear ownership and a commitment to protecting those whose data they hold.
Incidents like this highlight the importance of taking a proactive, risk-based approach to cyber security and data protection. At AJC, we support organisations in strengthening their resilience before an incident occurs, and responding effectively when it does.
Our work includes helping organisations:
By focusing on both technical controls and organisational accountability, we help organisations protect trust as well as data.
Contact us on 020 7101 4861 or email us at info@ajollyconsulting.co.uk if you think we can help.
Image accreditation: Under Armour (2021) from WikiMedia Commons. Last accessed on 5th February 2026. Available at:
https://commons.wikimedia.org/wiki/File:20211212_Under_Armour_at_MixC_Zhengzhou.jpg