Athletic apparel company Under Armour is facing claims of a massive data breach allegedly affecting up to 72 million customers. Hackers reportedly posted customer records online following a ransomware attack in November 2025. The exposed data allegedly includes names, email addresses, phone numbers, purchase history, and account credentials from Under Armour’s online retail and connected fitness platforms.
Learn what to do when your data is exposed in a breach on OpenClassActions.com.
What Happened
Reports indicate that hackers breached Under Armour’s systems through a ransomware attack and exfiltrated a large volume of customer data. The attackers then posted the stolen records online, suggesting either that Under Armour declined to pay a ransom or that negotiations broke down. Under Armour has not publicly confirmed the full scope of the breach, but security researchers have identified records consistent with Under Armour customer data circulating on dark web forums.
This is not the first time Under Armour has dealt with a data breach. In 2018, the company disclosed that approximately 150 million accounts on its MyFitnessPal platform were compromised. That earlier breach resulted in a $65 million SEC settlement. The current incident appears to involve Under Armour’s broader retail operations rather than just its fitness app.
Who Is Affected
If you have an Under Armour online account, purchased products through underarmour.com, or use any of Under Armour’s connected fitness apps (MapMyRun, MapMyFitness), your data may be at risk. The alleged 72 million figure would make this one of the larger retail data breaches in recent years.
What You Should Do
Change your Under Armour account password and any other accounts using the same credentials. If you stored payment information on Under Armour’s site, monitor your statements for unauthorized charges. Consider removing saved payment methods from your account. Watch for phishing emails that reference Under Armour purchases or fitness data — attackers with your purchase history could craft very convincing scam messages.
This article is for informational purposes only and does not constitute legal advice. Written by Steve Levine for OpenClassActions.org.