Clothing and athletic gear company Under Armour is investigating a significant data breach that reportedly exposed the personal information of millions of its customers. The incident — believed to have occurred in late 2025 — has put the spotlight on data security practices within major global retailers.

According to reports, the breach resulted in the unauthorized access and theft of an estimated 72 million email addresses, along with other personal details such as names, genders, birthdates, and ZIP codes, based on data cited by the cybersecurity monitoring site Have I Been Pwned. At this time, there is no indication that passwords, financial information, or payment systems have been compromised.

What Happened

Cybersecurity experts believe the breach dates back to late last year, although Under Armour has not yet issued a full public disclosure detailing the attack. The company’s internal review is ongoing, with statements indicating that systems related to customer accounts, as well as payment processing infrastructure, are not believed to have been accessed.

Have I Been Pwned founder Troy Hunt — widely followed for his work cataloguing major breaches — confirmed that the pattern of exposed data appears consistent with accounts linked to Under Armour customers, though he noted it is unusual for a breach of this scale not to have been formally disclosed sooner by the company itself.

Consumer Impact and Response

While sensitive information like passwords and financial details are not currently confirmed to be part of the breach, exposure of email addresses and personal identifiers still puts affected individuals at risk of phishing attacks and identity misuse. Experts recommend that customers:

• Review notifications from Have I Been Pwned or similar services
• Be cautious of unexpected or unusual emails
• Update security practices such as two-factor authentication where possible

Under Armour says it is working with cybersecurity specialists to assess the situation and determine the full extent of the data exposure.

Why This Matters

This incident highlights a broader trend in which consumer brands — even those outside the traditional technology sector — are increasingly targeted by cybercriminals seeking large troves of personal information. As retailers expand digital services and online account systems, maintaining robust security controls is essential to protect customer trust and privacy.

As the situation develops, further updates from Under Armour and cybersecurity researchers are expected.

Read the full article: https://luckyy.uk/under-armour-investigates-major-data-breach-affecting-millions-of-customers/