Under Armour says it’s ‘aware’ of data breach claims after 72M customer records were posted online

Clothing and fittingness information institution Under Armour said it is investigating claims of a information breach aft a cybercriminal posted millions of lawsuit records to a hacker forum.

The seller told TechCrunch that the information was taken successful a November information breach, which the Everest ransomware pack claimed work for successful a station connected its acheronian web leak tract astatine the time. 

News of the information theft became much wide known this week aft breach notification tract Have I Been Pwned obtained a transcript of the stolen data, and notified 72 cardinal individuals by email that their accusation had been compromised.

Have I Been Pwned said the stolen Under Armour dataset included names, email addresses, genders, dates of birth, and customers’ approximate determination based connected postcode oregon ZIP code. The information besides included accusation relating to purchases.

The seller provided TechCrunch with a illustration of the stolen data, which appears to incorporate millions of records of Under Armour lawsuit purchases and matched the types of information that Have I Been Pwned had reported. The stolen information contains reams of email addresses belonging to Under Armour employees.

When reached for comment, Under Armour spokesperson Matt Dornic told TechCrunch that the institution is “aware of claims that an unauthorized 3rd enactment obtained definite data.”

“Our probe of this issue, with the assistance of outer cybersecurity experts, is ongoing. Importantly, astatine this time, there’s nary grounds to suggest this contented affected UA.com oregon systems utilized to process payments oregon store lawsuit passwords,” the spokesperson added.

“What we cognize astatine this clip is the fig of affected customers with immoderate benignant of accusation that could beryllium considered delicate is simply a precise tiny percentage,” said Dornic. 

The spokesperson did not instantly respond to a follow-up email asking what types of customers’ accusation Under Armour considers “sensitive” information, nor did helium supply an close fig of however galore customers are affected by the breach.

“Any accusation that delicate idiosyncratic accusation of tens of millions of customers has been compromised is unfounded,” the spokesperson said.

Under Armour did not accidental if it planned to notify customers whose accusation was compromised. It did not accidental if it had received immoderate correspondence from the hackers, specified arsenic a request for ransom.