Global sportswear retailer Under Armour has launched a comprehensive investigation into a substantial data security incident that has compromised the email addresses and personal information of millions of its customers. The breach, which is believed to have occurred in the latter part of the previous year, represents a significant cybersecurity event for the Baltimore-based apparel company.
Scale and Nature of the Compromised Data
According to information cited by the prominent cybersecurity monitoring website Have I Been Pwned, the breach is estimated to have affected approximately 72 million customer email addresses. The stolen records are reported to include not only email addresses but also a range of associated personal details.
Types of Personal Information Involved
The compromised data is understood to include several categories of customer information:
- Full names of affected customers
- Gender information as provided to the company
- Customer birthdates and dates of birth
- Residential ZIP or postal codes
Company Response and Security Assurance
In an official statement addressing the claims of a data breach, Under Armour has acknowledged its ongoing investigation while seeking to reassure customers about the security of their most sensitive information. The company has emphasised that there is currently no evidence to suggest that critical systems have been compromised.
The company stated: "We have no evidence to suggest this issue has affected UA.com or systems used to process payments or store customer passwords. Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded."
What Information Remains Secure
According to Under Armour's investigation findings so far, several crucial categories of customer data appear to have remained secure:
- Customer passwords and login credentials
- Financial information including payment details
- Credit card numbers and banking data
- Transaction histories and purchase records
Cybersecurity Expert Assessment
Troy Hunt, the founder and CEO of Have I Been Pwned, has commented on the situation, offering his professional assessment based on the information that has emerged from the investigation. Hunt has indicated that he concurs with Under Armour's current position regarding the scope and nature of the breach.
"Based on the information available at this stage," Hunt noted, "I agree with Under Armour's assertion about what has and hasn't been compromised in this incident."
Ongoing Investigation and Customer Impact
The investigation into the precise circumstances of the breach continues, with cybersecurity teams working to determine exactly how the attackers gained access to the customer data. While the exposure of email addresses and associated personal information represents a serious privacy concern, the apparent protection of passwords and financial data provides some measure of relief for affected customers.
Customers are advised to remain vigilant for any suspicious communications that might reference their Under Armour accounts, particularly phishing attempts that could leverage the exposed email addresses and personal details to appear more convincing.
