Everest Ransomware Claims It Has Compromised Data of Millions of Under Armour Customers

The Everest ransomware group has announced a breach involving Under Armour, Inc., the prominent American sportswear firm. They claim to have exfiltrated 343 GB of sensitive internal data, including employee information and personal details of millions of individuals across multiple countries. The assertion was made public earlier today on the group’s official dark web leak site.

Sensitive Data Exposed in the Breach

In a demonstration of their claims, the Everest group has released sample data that includes extensive customer insights. This data features customer shopping histories, email addresses, phone numbers, timestamps for purchases, product identifiers, prices, and quantities, along with geographical location data, marketing campaign logs, and unique identifiers associated with user accounts and transactions.

Moreover, the leaked information comprises detailed records from a product catalog linked to customer data. This indicates a potential connection to systems involved in marketing, personalization, or product registration processes. Each data entry encompasses key product details such as SKU, name, type, category, size, color, pricing, availability, and localized descriptions, along with various regional links.

The leak further discloses personal information about customers, including their first names, email addresses, consent statuses, language preferences, and request timestamps. The combination of commercial intelligence and personal data would present a substantial risk if Under Armour confirms these allegations.

Screenshot from the Everest ransomware group’s dark web site displaying breach assertions and sample data related to Under Armour

Seven-Day Response Deadline Issued

The Everest ransomware group has imposed a seven-day deadline on Under Armour to initiate contact via Tox messenger, accentuating the urgency of their demand. Accompanying their message was a countdown timer, underscoring the limited time frame for potential negotiation. In cases where companies remain unresponsive or refuse to comply with ransom demands, the group has a history of proceeding with data leaks.

Notable previous incidents affiliated with Everest include breaches of sensitive information from the AT&T carrier website, which involved over half a million user records, 1.5 million passenger records from Dublin Airport, and internal employee data related to Coca-Cola.

Advisory for Under Armour Customers

Hackread.com has reached out to Under Armour for official comment regarding these claims. Until the company confirms or denies them, these allegations should be treated with caution.

In light of the breach, it is recommended that customers vigilantly monitor their accounts and financial activities. Users should change passwords associated with their accounts, activate two-factor authentication, and exercise caution regarding any emails purporting to be from Under Armour, as attackers may exploit the situation to conduct phishing campaigns disguised as breach notifications.

From a cybersecurity perspective, an incident of this kind would typically span several MITRE ATT&CK tactics, such as initial access (for example through exploitation of a vulnerability), persistence to retain a foothold in the environment, and potential privilege escalation within Under Armour's network; the specific techniques used, if the claims are accurate, have not been disclosed. Mapping an intrusion to these tactics can assist businesses in reinforcing their defenses against future threats.
