Under Armour Investigates Reported Data Breach Involving Customer Email Addresses

Related

Aflac Japan Data Breach Impacts 4.38 Million Customers and Agents

What happened Aflac Life Insurance Japan disclosed a data breach...

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day Attacks

What happened Nissan disclosed a data breach affecting current and...

KDDI Breach Exposes Up to 14.2 Million Email Logins at Six ISPs

What happened Japanese telecommunications operator KDDI disclosed a data breach...

Xsolis Data Breach Affects 1.4 Million Individuals

What happened Healthcare technology company Xsolis disclosed a data breach...

Canadian Electricity Provider London Hydro Discloses Data Breach

What happened London Hydro disclosed a data security incident that...

Share

What happened

Under Armour looking into data breach reports after claims that customer email addresses and other personal information were taken, while the company said there are no signs passwords or financial information were stolen. The incident was believed to have occurred in late 2025, and the reporting referenced a figure of 72 million affected email addresses. Some records were described as including names, genders, birthdates, and ZIP codes. Under Armour said it had no evidence the issue affected UA.com or systems used to process payments or store customer passwords, and disputed implications that sensitive personal information of tens of millions was compromised. Troy Hunt, CEO of Have I Been Pwned, was cited as agreeing with the company’s assertion based on information available so far, while noting the lack of an official disclosure statement.

Who is affected

Under Armour customers are directly affected if their email addresses and associated profile data were exposed. Downstream exposure may be indirect, including increased phishing or credential-stuffing attempts against users whose emails appear in breach datasets.

Why CISOs should care

Email-address exposure at large scale often drives follow-on attacks, including targeted phishing, account takeover attempts on unrelated services, and brand impersonation. Even when passwords are not involved, the combination of emails with demographic or profile details can increase social engineering success rates.

3 practical actions

  • Increase phishing defenses for affected populations: Enhance monitoring and filtering for brand-impersonation and password reset lures targeting Under Armour customers.

  • Monitor credential abuse signals: Watch for spikes in login attempts, password reset activity, and anomalous authentication patterns tied to exposed email domains.

Reinforce customer communication controls: Ensure official support channels and notification processes are consistent and resistant to spoofing during breach publicity.

IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.