The notorious Everest ransomware group has claimed responsibility for a major cyber breach against Under Armour, the global sportswear giant, alleging the theft of 343 GB of internal data that could impact millions of customers and employees worldwide.
The announcement, posted on the group’s dark web leak site on November 16, 2025, includes a sample of stolen records to substantiate the claims, escalating concerns over potential identity theft and phishing risks.
According to Everest, the compromised dataset encompasses a vast array of personal and corporate information from Under Armour’s systems.
This includes millions of client records with transaction histories, user IDs, email addresses, physical addresses, phone numbers, passport details, gender information, and both work and personal email contacts.
Employee data from various countries is also implicated, alongside internal company documents. The sample provided by the hackers reveals sensitive customer shopping histories, product catalogs with SKUs, prices, and availability, as well as marketing logs and user behavior analytics.
These details suggest the breach targeted Under Armour’s customer relationship management, personalization, or e-commerce databases, potentially originating from marketing or product registration systems.
Everest, active since 2021, has a track record of high-profile attacks, including claims against AT&T’s carrier database, which exposed over 500,000 users; 1.5 million passenger records from Dublin Airport; and internal files from Coca-Cola.
The group issued a seven-day ultimatum to Under Armour via Tox messenger, demanding contact before the countdown timer expires and threatening to leak the data if the demand is not fully met. No ransom amount was specified in the initial post, but Everest’s pattern involves escalating leaks for non-compliant victims.
Under Armour, headquartered in Baltimore, Maryland, has not yet publicly confirmed or denied the breach as of November 18. The company, which serves over 190 countries and boasts brands like MyFitnessPal (previously hit in a 2018 incident affecting 150 million users), could face significant fallout.
Past breaches at the firm exposed usernames, emails, and hashed passwords, but spared financial data; this incident appears far broader, potentially including passports and transaction logs that enable targeted fraud.
Cybersecurity experts warn that such exposures heighten the risk of supply chain attacks and social engineering. “Ransomware groups like Everest are pivoting to data exfiltration over encryption, turning breaches into intelligence goldmines,” noted a Mandiant analyst.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has not yet listed this in its Known Exploited Vulnerabilities catalog, but similar incidents have prompted federal alerts.
Customers are urged to monitor accounts for unusual activity, change passwords on Under Armour-linked services, enable multi-factor authentication, and watch for phishing emails masquerading as breach notifications.
Enterprises should scan for Everest indicators of compromise, such as Qakbot malware or Cobalt Strike beacons, which the group often uses.
Under Armour has been contacted for comment; until verified, these remain allegations, but the sample’s detail lends credibility.
The post Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour Breach appeared first on Cyber Security News.



