Apparel and fitness data company Under Armour says it is investigating claims of a data breach after a cybercriminal posted millions of customer records on a hacker forum.
The seller told TechCrunch that the information was taken during a November data breach, which the Everest ransomware gang claimed responsibility for in a post on its dark web leak site.
News of the data breach became more widely known this week after breach notification site Have I Been Pwned found a copy of the stolen information and notified 72 million individuals via email that their information had been compromised.
Have I Been Pwned said the stolen Under Armour dataset included the names, email addresses, genders, dates of birth and approximate locations of customers based on postcode or zip code. The data also included purchasing information.
The seller provided TechCrunch with a sample of the stolen data, which contained millions of records of Under Armour customer purchases and matched the type of data reported by Have I Been Pwned. The stolen data included reams of email addresses of Under Armour employees.
When reached for comment, Under Armour spokesman Matt Dornick told TechCrunch that the company is “aware of unauthorized third-party claims to obtain certain data.”
“Our investigation into this issue is ongoing with the assistance of external cybersecurity experts. Importantly, at this time, there is no evidence to suggest this issue affects UA.com or the payment process or the systems used to store customer passwords,” the spokesperson added.
“All we know at this point is that the number of affected customers with any type of information that is considered sensitive is a very small percentage,” Dornick said.
The spokesperson did not immediately respond to a follow-up email asking what types of customer information Under Armour considers “sensitive” information, nor did he provide an exact figure for how many customers were affected by the breach.
“Any implication that millions of customers’ sensitive personal information has been compromised is unfounded,” the spokesperson said.
Under Armour did not say whether it planned to notify customers whose data had been compromised. It did not say whether it had received any correspondence from hackers demanding ransom.