
Everest ransomware gang said to be sitting on mountain of Under Armour data

Have I Been Pwned (HIBP) says 72.7 million accounts registered with Under Armour were affected by an alleged ransomware attack in November.

The data breach platform ingested the files that were leaked by a member of the Everest ransomware group on January 18 via a cybercrime forum.

According to HIBP’s post from Tuesday, names, email addresses, dates of birth, genders, geographic locations, and details of previous purchases were leaked.

The athletic apparel giant has not yet acknowledged the alleged leak. It didn’t respond to our questions when we asked about the attack in November and has yet to respond to our latest calls for comment.

Claims of a ransomware attack emerged when Everest added Under Armour to its leak site two months ago, threatening to release stolen data unless the company paid an undisclosed ransom within seven days.

In addition to the data types HIBP confirmed were involved, Everest claimed that phone numbers, physical addresses, loyalty program details, and preferred stores were also included.

Law firm Chimicles Schwartz Kriner & Donaldson-Smith filed a proposed class action lawsuit on behalf of Under Armour customer Orvin Ganesh soon after Everest posted the first details of its claimed attack.

The ransomware crew’s back catalog of high-profile raids includes claimed hits on Collins Aerospace, Sweden’s power grid, and the Brazilian government, among others.

Asus also recently confirmed it was affected by an Everest attack, albeit through a supplier, with its internal files compromised by the group as a result.

As far as ransomware groups go, Everest is something of a veteran, operating since 2020 – far longer than most groups tend to last before succumbing to takedowns or implosions.

Despite its long-running impression on the ransomware market and portfolio of high-profile attacks, Reg readers will not find Everest in any of the rankings of most dangerous or most prolific groups.

According to Halcyon, Everest has three distinct revenue streams: double extortion ransomware, network access brokerage, and an insider recruitment program.

These each allow Everest to generate cash through different means, all while drawing less attention than some of the louder ransomware crims. ®
