Under Armour has launched an investigation into a reported data breach that may have exposed customer email addresses and limited personal details. However, the company says there is no evidence that passwords, payment data, or financial information were compromised.
According to cybersecurity tracking site Have I Been Pwned, the breach is believed to have occurred late last year and may involve up to 72 million email addresses. Some of the exposed records reportedly included names, genders, birthdates, and ZIP codes.
Company Response
In a statement addressing the claims, the Baltimore-based apparel retailer emphasized that its core systems remain secure.
“We have no evidence to suggest this issue has affected UA.com or systems used to process payments or store customer passwords,” Under Armour said.
“Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded.”
Cybersecurity Expert Weighs In
Troy Hunt, founder and CEO of Have I Been Pwned, said available data supports Under Armour’s assertion that no sensitive financial or login credentials were taken.
However, Hunt noted that the company’s lack of a formal public disclosure stood out.
“That’s unusual, especially given the size of the organisation, the scale of the breach and the amount of time that has passed since the incident,” Hunt said in an email Thursday.
He added that Under Armour is also a victim of criminal activity and may have been focused on managing the aftermath.
What Customers Should Know
While the breach does not appear to involve passwords or payment information, cybersecurity experts generally advise affected users to:
- Stay alert for phishing emails
- Avoid clicking suspicious links
- Use strong, unique passwords across platforms
Under Armour says the investigation is ongoing.
