Listen to the article
Under Armour, the Baltimore-based clothing retailer, has launched an investigation into a data breach that reportedly compromised personal information of millions of customers. The company is examining claims that hackers accessed customer email addresses and other personal data, though there are currently no indications that passwords or financial information were stolen.
According to cybersecurity website Have I Been Pwned, the breach is believed to have occurred in late 2023 and affected approximately 72 million email addresses. Beyond email information, the stolen records reportedly included customers’ names, genders, birthdates, and ZIP codes.
In a statement addressing the incident, Under Armour emphasized the limited scope of the breach: “We have no evidence to suggest this issue has affected UA.com or systems used to process payments or store customer passwords. Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded.”
Troy Hunt, CEO of Have I Been Pwned, a service that allows users to check if their personal information has been compromised in data breaches, confirmed that based on available information, he agrees with Under Armour’s assessment of the situation. However, Hunt expressed surprise at the company’s handling of public communications around the breach.
“That’s unusual, especially given the size of the organisation, the scale of the breach and the amount of time that has passed since the incident,” Hunt noted in an email statement on Thursday. The Australia-based cybersecurity expert acknowledged the challenging position Under Armour finds itself in, adding, “In their defence, they’re also the corporate victim of malicious criminal activity and I’m sure they’ve had their hands full dealing with the fallout.”
The incident comes at a time when consumer data breaches are increasingly common across the retail sector. Major companies like T-Mobile, Neiman Marcus, and Home Depot have all faced significant data breaches in recent years, highlighting the ongoing challenges retailers face in securing customer information.
For Under Armour, a company that generated approximately $5.9 billion in revenue in 2023, maintaining customer trust is paramount as it competes with industry giants like Nike and Adidas. This breach represents yet another challenge for the athletic apparel retailer, which has worked to revitalize its brand position in recent years after experiencing uneven performance.
Cybersecurity experts note that while the breach doesn’t appear to include financial data, the compromised information could still be valuable to bad actors. Email addresses, names, and demographic information can be used in targeted phishing campaigns or combined with other leaked data to build more comprehensive profiles for identity theft.
Consumers who have shopped with Under Armour should be vigilant about suspicious emails, particularly those that appear to come from the company requesting additional information or containing unusual links. Changing passwords for Under Armour accounts and any other accounts that share the same password is also recommended as a precautionary measure.
The company has not yet provided information about how the breach occurred or specific steps it’s taking to prevent similar incidents in the future. Under data protection regulations in various jurisdictions, including the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act, companies are often required to notify affected users and relevant authorities within specific timeframes following the discovery of a data breach.
As the investigation continues, Under Armour will likely face pressure to provide more detailed information about the breach and outline concrete steps it’s taking to strengthen its data security infrastructure.
Fact Checker
Verify the accuracy of this article using The Disinformation Commission analysis and real-time sources.
8 Comments
This is concerning news for Under Armour customers. Data security is critical in today’s digital landscape. I’m glad they are investigating and communicating openly about the situation. Hopefully they can quickly identify the root cause and shore up protections.
Data breaches are becoming alarmingly common. Kudos to Under Armour for being transparent about this incident and taking steps to protect their customers. Safeguarding personal information should be a top priority for all businesses.
Agreed. Proactive communication and swift action are key when these breaches occur. Hopefully Under Armour can quickly identify the source and prevent any further exposure of customer data.
While the scope of this breach seems limited to email addresses, it’s still unsettling. Companies need robust security measures to shield customer info from hackers. Curious to see what steps Under Armour takes to fortify their systems and regain trust.
Data breaches are becoming an all-too-common occurrence these days. Kudos to Under Armour for being transparent about this incident and reassuring customers that sensitive info wasn’t compromised. Cyber threats require constant vigilance.
Disappointing to hear about this data breach affecting Under Armour customers. Cybersecurity is such a critical concern these days. Glad they are investigating and reassuring customers that sensitive info like passwords wasn’t compromised.
Unfortunate to see another high-profile data breach. While the scope seems limited, these incidents can still erode customer trust. I hope Under Armour can determine the source and take robust steps to prevent future breaches and safeguard sensitive info.
Cybersecurity is an ongoing challenge for businesses. Kudos to Under Armour for being upfront about this incident and assuring customers that passwords and financial info weren’t compromised. Maintaining trust is crucial in these situations.