The latest Under Armour breach is a reminder that exposed personal data can still create serious risk even when passwords and payment details are not confirmed as part of the leak. Names, email addresses, birth dates, location data, and purchase-related information may be enough for scammers to launch convincing phishing attacks, account lures, and identity-focused fraud.

Key Takeaways

• A dataset allegedly linked to Under Armour was posted online after the Everest ransomware group claimed it had breached the company in late 2025.
• Have I Been Pwned later analyzed the leaked data and began notifying users whose information appeared in the files, driving renewed attention to the incident.
• The exposed data may include full names, email addresses, dates of birth, gender, approximate location data, purchase-related details, and some employee email addresses.
• Even without confirmed password or payment-card exposure, the leak still creates phishing and identity-theft risk, so affected users should stay alert, avoid suspicious links, monitor accounts, and consider changing passwords as a precaution.

If you’ve ever created an Under Armour account, subscribed to emails, or bought gear online, you may want to pay extra attention.

Millions of users recently began receiving breach alerts tied to Under Armour after a massive dataset allegedly linked to the brand was posted online. While the company is still investigating, the leaked data was serious enough for breach notification services to notify affected users directly.

So what actually happened, and what should you do next?

What happened?

In late 2025, the notorious Everest ransomware group claimed it had breached Under Armour’s systems and stolen a large volume of internal data. The group later published the dataset on a hacking forum, where it became accessible to other cybercriminals.

Earlier this year, Have I Been Pwned, analyzed the leaked data and began alerting users whose information appeared in the files, triggering a new wave of concern, even though Under Armour had not yet publicly confirmed the full extent of the breach.

Under Armour says it is aware of the claims and is continuing to investigate with cybersecurity experts. The company said it currently has no evidence that payment systems or passwords were compromised, but the investigation is ongoing.

What information may have been exposed?

Based on the leaked dataset, the exposed information includes:

• Full names
• Email addresses
• Dates of birth
• Gender
• Approximate location data (such as ZIP or postal codes)
• Purchase-related information
• Some Under Armour employee email addresses

Why this matters even if passwords weren’t leaked

Data breaches aren’t just about stolen logins. Even without passwords or credit card numbers, this type of data is still valuable to scammers. When combined with other breaches or public information, it can be used to create convincing phishing emails, fake account alerts, or personalized scams that look legitimate.

After breaches like this, it’s common to see an increase in:

• Fake “account security” emails
• Scam messages referencing real purchases or brands
• Credential-stuffing attempts if passwords were reused elsewhere
• Targeted phishing designed to harvest even more information

What you should do right now

If your information may have been affected:

• Be extra cautious with emails or messages claiming to be from Under Armour or retailers you’ve shopped with
• Avoid clicking links in unexpected “security alerts” or account warnings
• Use separate, unique passwords for shopping, fitness and email accounts
• Monitor for unusual login attempts or suspicious account activity

And while it’s not clear whether passwords were exposed in this incident, resetting your password is still a smart precaution, especially if:

• You used the same password on other websites
• Your Under Armour account is linked to the same email you use elsewhere

How Bitdefender Digital Identity Protection can help

This is where ongoing monitoring matters.

Bitdefender Digital Identity Protection continuously monitors your personal data (including email addresses, credentials, and sensitive information) across known data breaches, dark web sources, and public leaks.

If your information shows up somewhere it shouldn’t, you’re alerted quickly, with clear guidance on what to do next. That early warning can make the difference between a contained issue and full-blown identity fraud. Instead of finding out months later after scam emails, account lockouts, or fraudulent charges, you get visibility as soon as your data is exposed.

Frequently asked questions (FAQ)

What is the Under Armour data breach?

The Under Armour data breach refers to a dataset allegedly tied to Under Armour that was posted online after the Everest ransomware group claimed it had breached the company in late 2025. According to Bitdefender’s write-up, the exposed data may include names, email addresses, dates of birth, gender, approximate location data, purchase-related information, and some employee email addresses.

How much compensation will I get for a data breach?

There is no fixed payout. Compensation depends on what happened, what laws apply, whether a settlement or lawsuit exists, and whether you can show measurable harm such as fraud losses, identity-theft expenses, or time spent resolving the breach. In many cases, people receive nothing automatically unless there is a formal settlement, regulatory remedy, or company-provided reimbursement program. This is one of those questions where the answer is highly case-specific, so it is better not to promise a number.

What happens if your data was breached?

The impact depends on what was exposed, but the usual risks are phishing, credential stuffing, impersonation, account takeover, and identity theft. If the leaked data includes email addresses, phone numbers, birth dates, or purchase history, scammers can use that context to make fraudulent messages look more convincing. That is why post-breach advice usually focuses on changing reused passwords, enabling MFA, monitoring financial and online accounts, and staying alert for targeted scams.

Should I worry if my password was in a data leak?

Yes, especially if that password is still in use anywhere else. Security guidance is consistent on this point: if a password appears in a breach, you should change it immediately anywhere it was reused, enable MFA, and review your accounts for suspicious activity. The main danger is not just that one breached site, but that attackers routinely try leaked passwords across email, shopping, banking, and social accounts.