Nike says it is probing a possible breach after extortion crew WorldLeaks claimed to have lifted 1.4TB of internal data from the sportswear giant and posted samples on its leak site.
In a listing seen by The Register, WorldLeaks alleges it has stolen 188,347 files from Nike’s systems. The group has published the data with filenames pointing toward design and manufacturing workflows, rather than customer databases.
Examples include directories labeled “Women’s Sportswear,” “Men’s Sportswear,” “Training Resource – Factory,” and “Garment Making Process,” suggesting the alleged haul centers on product development and production processes.
Nike confirmed it’s looking into the matter but stopped short of validating the criminals’ claims. “We always take consumer privacy and data security very seriously,” a spokesperson told The Register. “We are investigating a potential cybersecurity incident and are actively assessing the situation.”
When asked, the company declined to say what data was stolen and whether it planned to pay a ransom demand.
There’s nothing so far to suggest customer or employee records were involved, which keeps regulators at arm’s length for now. That said, design files, factory training notes, and process documentation are the sort of internal plumbing companies don’t expect to lose control of, even if they don’t trigger formal breach notices. It doesn’t take much imagination to see how copycats or grey-market factories might make use of it.
Crews like WorldLeaks aren’t bothering with ransomware theatrics anymore and are going straight for whatever files they can grab. The crew is said to be a rebrand of Hunters International, a ransomware gang that’s been around since 2023. These days they don’t bother encrypting anything; they just take the data and start leaning on victims with the threat of leaks. With police pressure up and fewer companies paying for decryptors, that’s where the leverage is now.
WorldLeaks claims hundreds of victims so far, with manufacturers and industrial firms cropping up again and again. Dell made the crew’s hitlist in July last year, but claimed WorldLeaks didn’t make off with any important data.
The Nike claim lands just weeks after another US sportswear heavyweight was forced into cleanup mode. Under Armour disclosed a breach following an attack by the Everest ransomware gang. According to Have I Been Pwned, the extortion crew exposed the details of 72.7 million Under Armour accounts, including names, email addresses, dates of birth, genders, geographic locations, and purchase information.
As with most extortion claims, the true size and value of the haul is hard to judge without Nike putting more on the record. What does seem clear is that fashion and sportswear firms, with messy global supply chains and a steady stream of new designs moving between partners, have become a target for data thieves who don’t need customer databases to cause real damage. ®