Under Armour Breach

OptMsg Breach Breakdown: Under Armour

Under Armour Breach

Accounts impacted: Approximately 72 million unique customer email addresses; 191+ million total records
Breach occurrence date: November 2025
Added to breach breakdown: January 2026

The Breach Breakdown

Under Armour, he global sportswear and fitness brand, suffered a ransomware attack from a cybercriminal group known as the Everest ransomware group in November 2025. Under Armour allegedly missed the group’s ransom deadline, so the attackers published the stolen data — first on their own leak site, then across underground hacker forums and dark web databases. The Everest group confirmed on their leak site that criminals had widely copied and shared the database. In fact, their post stated that “after the full publication, all the data was duplicated across various hacker forums and leak database sites.” As a result, lawyers filed a class action lawsuit in the US, alleging that Under Armour failed to protect sensitive customer — and possibly employee — data. Under Armour’s public statements have remained cautious. However, the sheer scale of data now circulating online, combined with the active lawsuit, strongly points to a serious breach.

Information Exposed

Cybersecurity researchers and dark web posts suggest the leaked data may include:

  • Full names
  • Email addresses
  • Phone numbers
  • Physical / home addresses
  • Gender
  • Purchase histories
  • Account preferences and settings

In total, the dataset reportedly holds over 191 million records, including 72.7 million unique email addresses.

Why This Is Risky

This breach exposed a wide range of personal details, and that combination creates serious risks. Specifically, criminals can use this data for:

  • Targeted phishing attacks — using your name, address, and purchase history to appear believable
  • SPAM and advertising fraud — selling your email address to third parties
  • Identity theft — pairing this data with other leaked databases to build a full profile of you
  • Account takeover — using your email to break into Under Armour and other accounts
  • Social engineering scams — using your location and preferences to win your trust

Furthermore, no one can take this data back now that criminals have spread it across multiple dark web forums. As a result, the risks from this breach will last for years.

What You Should Do Now

If you have, or ever had, an Under Armour, MapMyRun, or MyFitnessPal account, you may be at risk. Therefore, act now and take these steps:

  • Change your Under Armour password immediately — and update any account that shares the same password
  • Turn on two-factor authentication on your Under Armour account and your email
  • Watch for phishing emails that mention your name, purchases, or fitness data — criminals now craft these to feel personal
  • Check your inbox for suspicious login alerts or account activity
  • Consider switching to a private, opt-in email service like OptMsg to cut your exposure going forward
  • Place a fraud alert with the credit bureaus if you worry criminals may combine your data with other leaks

How OptMsg Helps

Your email address was likely in the Under Armour breach. That means attackers now know your name, where you live, what you buy, and how to reach you. Here’s how OptMsg puts you back in control:

  • You decide who can email you. OptMsg’s patent-pending opt-in router technology means only people you approve can reach your inbox — so even if criminals have your email address, they can’t flood you with phishing attempts.
  • No password to steal. OptMsg doesn’t rely on a password to protect your account. When breaches expose credentials, there’s nothing for attackers to exploit.
  • We don’t collect your personal data to sell to advertisers. Unlike “free” inboxes that profit from your information, OptMsg charges a small fee instead of treating you as the product.
  • OptMsg does not scan your emails to sell ads. Your inbox is yours — not a data source for advertisers or AI training.
Try OptMsg Free for 14 Days

Why It Matters

The Under Armour breach did not just expose email addresses, it exposed a full profile of millions of customers. Moreover, that kind of data does not disappear. Criminals trade it, combine it with other leaks, and use it to run increasingly convincing scams for years.

The real problem, however, is not just Under Armour’s security failure. Most email inboxes stay wide open by default, anyone with your address can reach you. OptMsg was built to fix exactly that.

Your Inbox. Your Rules.

Take control of your inbox today. Download OptMsg on iOS, Android, or use it on the web.

Helpful Links

Stay informed. Stay secure. OptMsg actively protects your email from data breaches and cyber threats. Our Breach Breakdown blog alerts you when companies expose personal information, so you can respond before criminals take advantage of it.
Create an Account
logo

Committed to ensuring your email is Secure, keeping your information Private and making life Simple.

BBB Accredited Business Seal

Products

Company

Scroll to Top