Executive Summary
- The Everest ransomware group claims it has stolen 343 GB of sensitive data from sportswear giant Under Armour.
- Allegedly stolen data includes customer transaction histories, passport details, and employee records.
- The group issued a seven-day ultimatum for the company to make contact before more data is released.
- This incident follows a 2018 breach of Under Armour’s MyFitnessPal app that affected 150 million users.
The Everest ransomware group has claimed responsibility for a significant cyberattack against global sportswear company Under Armour, alleging the theft of 343 gigabytes of sensitive data. The group made the announcement on its dark web leak site on November 16, 2025, posting samples of the data to support its claim.
According to the group’s post, the compromised dataset contains extensive personal and corporate information. The allegedly stolen records include customer transaction histories, passport information, email and physical addresses, and phone numbers. The data also reportedly encompasses internal employee records and corporate documents, such as product catalogs, pricing information, and marketing analytics.
Scope and Potential Impact
The breadth of the information suggests a deep compromise of Under Armour’s systems, potentially affecting customer relationship management and e-commerce platforms. The inclusion of identity documents like passports and detailed transaction logs elevates the risk of targeted fraud and identity theft for both customers and employees.
Everest, a threat group active since 2021, typically focuses on data exfiltration for extortion rather than deploying encryption-based ransomware. Previous targets attributed to the group include AT&T and Dublin Airport. The actors have reportedly issued a seven-day ultimatum for Under Armour to establish contact before more data is released, though a specific ransom amount was not mentioned in the initial post.
This incident follows a previous major breach at Under Armour in 2018, when its MyFitnessPal application was compromised, affecting 150 million users. As of this report, Under Armour has not issued a public statement confirming or addressing the claims made by the Everest group. The validity and full scope of the alleged breach are pending verification.
