Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
Summary
Under Armour is investigating a data breach after 72 million customer records were allegedly exposed online by the Everest ransomware group. The breach reportedly occurred in November 2025, with data including email addresses, personal information, and purchase details being published on a hacking forum in January 2026. Under Armour has confirmed the investigation and stated that there is no evidence the breach affected payment systems or customer passwords. Additionally, Iron Mountain, a data storage and recovery services company, reported a breach by the Everest group, which was limited to marketing materials and did not involve customer confidential or sensitive information.
Timeline
-
03.02.2026 18:49 · 1 article
Everest Ransomware Group Shifts Tactics to Data-Theft-Only Extortion
The Everest ransomware group has shifted tactics from encrypting victims' systems with ransomware to data-theft-only corporate extortion. They also act as an initial access broker for other threat actors, selling access to breached corporate networks for a fee. In August 2024, the U.S. Department of Health and Human Services warned that Everest was increasingly targeting healthcare organizations across the United States.
Sources:
- Iron Mountain: Data breach mostly limited to marketing materials — www.bleepingcomputer.com — 03.02.2026 18:49
-
23.01.2026 14:10 · 2 articles
Under Armour Data Breach Allegedly by Everest Ransomware Group
In November 2025, the Everest ransomware group claimed to have obtained access to 343GB of Under Armour data. On January 18, 2026, customer data from the incident was published publicly on a popular hacking forum, including 72 million email addresses. Under Armour confirmed the investigation and stated that there is no evidence the breach affected payment systems or customer passwords. Additionally, Iron Mountain reported a breach by the Everest group, which was limited to marketing materials and did not involve customer confidential or sensitive information.
Sources:
- Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed — www.infosecurity-magazine.com — 23.01.2026 14:10
- Iron Mountain: Data breach mostly limited to marketing materials — www.bleepingcomputer.com — 03.02.2026 18:49
Information Snippets
-
The breach was allegedly carried out by the Everest ransomware group in November 2025.
First reported: 23.01.2026 14:10 · 2 sources, 2 articles
- Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed — www.infosecurity-magazine.com — 23.01.2026 14:10
- Iron Mountain: Data breach mostly limited to marketing materials — www.bleepingcomputer.com — 03.02.2026 18:49
-
The compromised data includes 72 million email addresses, names, dates of birth, genders, geographic locations, and purchase information.
First reported: 23.01.2026 14:10 · 1 source, 1 article
- Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed — www.infosecurity-magazine.com — 23.01.2026 14:10
-
Under Armour confirmed the investigation and stated that there is no evidence the breach affected payment systems or customer passwords.
First reported: 23.01.2026 14:10 · 1 source, 1 article
- Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed — www.infosecurity-magazine.com — 23.01.2026 14:10
-
Iron Mountain confirmed that the breach was limited to marketing materials and did not involve customer confidential or sensitive information.
First reported: 03.02.2026 18:49 · 1 source, 1 article
- Iron Mountain: Data breach mostly limited to marketing materials — www.bleepingcomputer.com — 03.02.2026 18:49
-
The Everest ransomware group claimed to have stolen 1.4 TB of internal company documents, but Iron Mountain stated that only a single folder of marketing materials was accessed.
First reported: 03.02.2026 18:49 · 1 source, 1 article
- Iron Mountain: Data breach mostly limited to marketing materials — www.bleepingcomputer.com — 03.02.2026 18:49
-
Iron Mountain reported that no ransomware payloads were deployed, and no other systems were breached.
First reported: 03.02.2026 18:49 · 1 source, 1 article
- Iron Mountain: Data breach mostly limited to marketing materials — www.bleepingcomputer.com — 03.02.2026 18:49
-
Everest has shifted tactics from ransomware encryption to data-theft-only extortion and acts as an initial access broker for other threat actors.
First reported: 03.02.2026 18:49 · 1 source, 1 article
- Iron Mountain: Data breach mostly limited to marketing materials — www.bleepingcomputer.com — 03.02.2026 18:49
Similar Happenings
Conduent Data Breach Affects Millions
Conduent, a business services provider, has confirmed that a data breach in 2024 impacted over 10.5 million individuals. The breach, initially disclosed in January 2025, affected government agencies in multiple US states. The attackers accessed Conduent's network on October 21, 2024, and were evicted on January 13, 2025. The compromised data includes names, addresses, dates of birth, Social Security numbers, health insurance details, and medical information. Conduent serves over 600 government and transportation organizations, and roughly half of Fortune 100 companies. The company has not provided an exact number of affected individuals, but breach notices indicate at least 10.5 million people were impacted, with the largest number in Oregon (10.5 million) and over 4 million in Texas. The SafePay ransomware group claimed responsibility for the attack in February 2025 and claimed to have stolen 8.5TB of data. Conduent provides services to several other states where specific data breach figures aren't published, potentially increasing the actual impact. As of October 24, 2025, there is no evidence that the stolen data has been misused. Additionally, Ingram Micro, a major IT services provider, revealed a ransomware attack in July 2025 that affected over 42,000 individuals. The SafePay ransomware group was behind this attack, claiming to have stolen 3.5TB of documents. The attack triggered a massive outage and highlighted SafePay's growing activity as a significant ransomware threat.
Merkle Breach Exposes Employee and Client Data
Merkle, a US-based subsidiary of Dentsu, experienced a cyberattack resulting in the theft of sensitive employee and client data. The breach was detected through unusual network activity, prompting an incident response and investigation. The stolen data includes bank details, payroll information, and personal contact details. Merkle has notified affected individuals and law enforcement, and is offering credit monitoring and Dark Web monitoring to impacted employees. The nature of the attack remains unknown, but it may involve data extortion or ransomware. The incident highlights the ongoing threat of data theft and the importance of robust incident response protocols.
Ransomware Attacks Continue to Evade Defenses Despite Security Efforts
Ransomware remains a top threat to global organizations, with attackers bypassing defenses despite extensive prevention and detection efforts. Double extortion tactics are prevalent, and some groups focus solely on data theft and extortion. The Picus Security Blue Report 2025 reveals a decline in prevention effectiveness, particularly in data exfiltration, highlighting critical gaps in defenses. Security teams must continuously validate their defenses against both known and emerging ransomware strains to ensure readiness. Breach and Attack Simulation (BAS) provides real-time validation of defenses, showing where protections stand or fail. The report underscores the need for ongoing testing and validation to address persistent gaps in malware delivery, detection, data exfiltration, and endpoint protection.
Insight Partners Ransomware Breach Affects 12,657 Individuals
Insight Partners, a New York-based venture capital and private equity firm, has notified 12,657 individuals that their personal information was compromised in a ransomware attack. The breach, which occurred in October 2024, involved a sophisticated social engineering attack that allowed threat actors to access and encrypt servers. The stolen data includes banking and tax information, personal details of current and former employees, and information related to limited partners, funds, and portfolio companies. The company has offered complimentary credit or identity monitoring services to those affected and has filed breach notifications with state attorneys general. The incident highlights the ongoing risk of social engineering attacks and the potential for significant data exfiltration in ransomware breaches.
Lovesac Data Breach After Ransomware Attack
Lovesac, a furniture retailer, confirmed a data breach impacting an unspecified number of individuals. The breach occurred between February 12, 2025, and March 3, 2025, and involved unauthorized access to internal systems. The company discovered the breach on February 28, 2025, and has offered credit monitoring services to affected individuals. The RansomHub ransomware gang claimed responsibility for the attack, threatening to leak stolen data if a ransom was not paid. Lovesac operates 267 showrooms across the United States and reported annual net sales of $750 million. The stolen data includes full names and other personal information, though the exact details and the number of affected individuals remain undisclosed. The company has not confirmed whether customers, employees, or contractors were impacted.