Nike is facing a class action lawsuit after a ransomware attack in January 2026 resulted in the theft of 1.4 terabytes of customer data, including names, email addresses, billing addresses, phone numbers, and payment card details. The company waited over a month before notifying affected customers.
Status: Lawsuit Filed | No Settlement Yet
What Happened?
On January 21, 2026, Nike suffered a ransomware attack in which cybercriminals exfiltrated approximately 1.4 terabytes of data before encrypting company systems. The stolen data was subsequently published online, making it accessible to anyone.
Nike did not begin sending notification letters to affected customers until February 25, 2026 — more than a month after the breach occurred. This delay is a central allegation in the class action, with plaintiffs arguing it left customers exposed to identity theft and fraud for weeks without warning.
What Data Was Stolen?
- Full names
- Email addresses
- Billing and shipping addresses
- Phone numbers
- Transaction and purchase history
- Payment card details
The Lawsuit
A class action was filed in Oregon federal court by plaintiff Maria Gomez, alleging negligence, breach of implied contract, and unjust enrichment. The lawsuit claims Nike failed to implement reasonable cybersecurity measures to protect customer data and then unreasonably delayed notifying victims.
The case is in early litigation. No settlement has been reached and there is no claims process at this time.
What Should You Do?
If you are a Nike customer and believe your data may have been compromised:
- Check your email for a breach notification from Nike
- Monitor your bank statements and credit card activity for unauthorized charges
- Change your Nike account password and any other accounts using the same password
- Place a fraud alert or credit freeze with the three major credit bureaus
- Be cautious of phishing emails that reference Nike or your purchase history — scammers often use stolen data to craft convincing messages
Related Data Breach and Ransomware Cases on OpenClassActions
- McLaren Health Care Pays $14 Million After Back-to-Back Ransomware Attacks
- Asheville Eye Associates Settles Ransomware Attack Lawsuit — Claims Now Open
- Pillsbury Law Firm Data Breach — Seven-Month Notification Delay
- Coinbase Employee Data Breach Customer Information Class Action Lawsuit
- Nike Product Defect Lawsuit Settlement Update
By Steve Levine | Published: April 13, 2026
Filing Class Action Settlement Claims
Please submit only truthful information. False claims can be rejected and may carry penalties. If you are unsure whether you qualify, review the official notice or contact the settlement administrator. OpenClassActions.org is a consumer news site and is not a settlement administrator or a law firm.