Clothes and health knowledge firm Below Armour mentioned it’s investigating claims of a data breach after a cybercriminal posted tens of millions of buyer data to a hacker discussion board.
The vendor advised information.killnetswitch that the information was taken in a November data breach, which the Everest ransomware gang claimed accountability for in a publish on its darkish net leak web site on the time.
Information of the information theft grew to become extra broadly identified this week after breach notification web site Have I Been Pwned obtained a duplicate of the stolen knowledge, and notified 72 million people by e-mail that their info had been compromised.
Have I Been Pwned mentioned the stolen Below Armour dataset included names, e-mail addresses, genders, dates of start, and prospects’ approximate location based mostly on postcode or ZIP code. The information additionally included info referring to purchases.
The vendor offered information.killnetswitch with a pattern of the stolen knowledge, which seems to comprise tens of millions of data of Below Armour buyer purchases and matched the sorts of knowledge that Have I Been Pwned had reported. The stolen knowledge incorporates reams of e-mail addresses belonging to Below Armour staff.
When reached for remark, Below Armour spokesperson Matt Dornic advised information.killnetswitch that the corporate is “conscious of claims that an unauthorized third get together obtained sure knowledge.”
“Our investigation of this difficulty, with the help of exterior cybersecurity consultants, is ongoing. Importantly, right now, there’s no proof to recommend this difficulty affected UA.com or techniques used to course of funds or retailer buyer passwords,” the spokesperson added.
“What we all know right now is the variety of affected prospects with any kind of info that may very well be thought of delicate is a really small proportion,” mentioned Dornic.
The spokesperson didn’t instantly reply to a follow-up e-mail asking what sorts of prospects’ info Below Armour considers “delicate” info, nor did he present an correct determine of what number of prospects are affected by the breach.
“Any implication that delicate private info of tens of tens of millions of consumers has been compromised is unfounded,” the spokesperson mentioned.
Below Armour didn’t say if it deliberate to inform prospects whose info was compromised. It didn’t say if it had obtained any correspondence from the hackers, resembling a requirement for ransom.
