CyberLeveling Logo
Under Armour Data Breach

Under Armour Data Breach: What We Know So Far

January 23, 2026

Under Armour has confirmed it is investigating claims of a significant data breach after hackers posted what they allege are 72 million customer records online. While the company has stopped short of confirming the full scale of the incident, it has acknowledged that some sensitive customer information was accessed.

What Happened?

In January 2026, cybersecurity researchers and journalists reported that a large dataset allegedly belonging to Under Armour users appeared on hacker forums. The data was linked to claims by a cybercriminal group that said it had gained unauthorized access to Under Armour systems months earlier.

TechCrunch independently reviewed a sample of the leaked data, lending credibility to the claims.

What Data Was Exposed?

According to TechCrunch, the stolen sample included:

  • Full names
  • Email addresses
  • Dates of birth
  • Approximate geographic location

This type of information, while not including payment card data or passwords, is considered sensitive personal data and can be used in phishing attacks, identity fraud, or social engineering schemes.

Under Armour’s Response

Under Armour confirmed that it is:

  • Aware of claims that an unauthorized third party accessed certain customer data
  • Actively investigating the incident with external cybersecurity experts

The company stated that, at this time:

  • There is no evidence that payment systems were compromised
  • There is no evidence that account passwords were accessed

However, Under Armour did acknowledge that some customer data was taken, marking the first public confirmation tied directly to the breach claims.

Is the Breach Fully Confirmed?

Not entirely.

  • Confirmed: Some sensitive customer information was accessed, and the breach claims are real enough to warrant investigation
  • Not confirmed: The total number of affected users (72 million) and whether all posted data originated directly from Under Armour systems

This partial confirmation is common in large breach investigations, where companies verify scope before issuing full disclosures.

Why This Matters

Even without passwords or payment details, exposed personal data can be dangerous. Cybercriminals often use this information to craft convincing phishing emails, impersonate brands, or target users across other platforms where passwords may have been reused.

If you have an Under Armour account, it’s recommended to:

  • Change your password (especially if reused elsewhere)
  • Enable two-factor authentication where possible
  • Be cautious of emails claiming to be from Under Armour

Final Thoughts

While Under Armour has not yet confirmed the full scale of the breach, the company’s acknowledgment that some sensitive data was taken represents a significant development. As the investigation continues, more details are expected to emerge, including whether customers will receive direct breach notifications.

For now, users should remain vigilant and take proactive steps to protect their online accounts.

Source: TechCrunch