Was Your Data Exposed in the Latest Under Armour Breach? Here’s What You Should Do

If you’ve ever created an Under Armour account, subscribed to emails, or bought gear online, you may want to pay extra attention.

Millions of users recently began receiving breach alerts tied to Under Armour after a massive dataset allegedly linked to the brand was posted online. While the company is still investigating, the leaked data was serious enough for breach notification services to notify affected users directly.

So what actually happened, and what should you do next?

What happened?

In late 2025, the notorious Everest ransomware group claimed it had breached Under Armour’s systems and stolen a large volume of internal data. The group later published the dataset on a hacking forum, where it became accessible to other cybercriminals.

Earlier this year, Have I Been Pwned, analyzed the leaked data and began alerting users whose information appeared in the files, triggering a new wave of concern, even though Under Armour had not yet publicly confirmed the full extent of the breach.

Under Armour says it is aware of the claims and is continuing to investigate with cybersecurity experts. The company said it currently has no evidence that payment systems or passwords were compromised, but the investigation is ongoing.

What information may have been exposed?

Based on the leaked dataset, the exposed information includes:

• Full names
• Email addresses
• Dates of birth
• Gender
• Approximate location data (such as ZIP or postal codes)
• Purchase-related information
• Some Under Armour employee email addresses

Why this matters even if passwords weren’t leaked

Data breaches aren’t just about stolen logins. Even without passwords or credit card numbers, this type of data is still valuable to scammers. When combined with other breaches or public information, it can be used to create convincing phishing emails, fake account alerts, or personalized scams that look legitimate.

After breaches like this, it’s common to see an increase in:

• Fake “account security” emails
• Scam messages referencing real purchases or brands
• Credential-stuffing attempts if passwords were reused elsewhere
• Targeted phishing designed to harvest even more information

What you should do right now

If your information may have been affected:

• Be extra cautious with emails or messages claiming to be from Under Armour or retailers you’ve shopped with
• Avoid clicking links in unexpected “security alerts” or account warnings
• Use separate, unique passwords for shopping, fitness and email accounts
• Monitor for unusual login attempts or suspicious account activity

And while it’s not clear whether passwords were exposed in this incident, resetting your password is still a smart precaution, especially if:

• You used the same password on other websites
• Your Under Armour account is linked to the same email you use elsewhere

How Bitdefender Digital Identity Protection can help

This is where ongoing monitoring matters.

Bitdefender Digital Identity Protection continuously monitors your personal data (including email addresses, credentials, and sensitive information) across known data breaches, dark web sources, and public leaks.

If your information shows up somewhere it shouldn’t, you’re alerted quickly, with clear guidance on what to do next. That early warning can make the difference between a contained issue and full-blown identity fraud. Instead of finding out months later after scam emails, account lockouts, or fraudulent charges, you get visibility as soon as your data is exposed.