What happened
Under Armour is looking into data breach reports after claims that customer email addresses and other personal information were taken; the company said there are no signs that passwords or financial information were stolen. The incident was believed to have occurred in late 2025, and the reporting referenced a figure of 72 million affected email addresses. Some records were described as including names, genders, birthdates, and ZIP codes. Under Armour said it had no evidence the issue affected UA.com or systems used to process payments or store customer passwords, and disputed implications that sensitive personal information of tens of millions was compromised. Troy Hunt, CEO of Have I Been Pwned, was cited as agreeing with the company’s assertion based on information available so far, while noting the lack of an official disclosure statement.
Who is affected
Under Armour customers are directly affected if their email addresses and associated profile data were exposed. Downstream exposure may be indirect, including increased phishing or credential-stuffing attempts against users whose emails appear in breach datasets.
Why CISOs should care
Email-address exposure at large scale often drives follow-on attacks, including targeted phishing, account takeover attempts on unrelated services, and brand impersonation. Even when passwords are not involved, the combination of emails with demographic or profile details can increase social engineering success rates.
3 practical actions
- Increase phishing defenses for affected populations: Enhance monitoring and filtering for brand-impersonation and password reset lures targeting Under Armour customers.
- Monitor credential abuse signals: Watch for spikes in login attempts, password reset activity, and anomalous authentication patterns tied to exposed email domains.
- Reinforce customer communication controls: Ensure official support channels and notification processes are consistent and resistant to spoofing during breach publicity.
