Expert Insight on Under Armour’s Exposed Customer Data

In November 2025, major retailer Under Armour experienced a cyber incident in which ransomware gang Everest extorted the company after claiming to have accessed 343GB of its data. On Jan. 21, 2026, according to Have I Been Pwned, a website that checks whether email addresses have been exposed in breaches, a customer dataset from the incident was published on a hacking forum.
The exposed dataset includes 72 million email addresses. Personally identifiable data such as names, birthdates, genders, locations and purchases was also leaked.
Rob Babb, Exposure Management Strategist at Seemplicity, states, “The most important thing to understand about incidents like this isn’t the sheer number of emails exposed. It’s what those addresses unlock next.”
While the exposure of 72 million emails is a concern, Babb asserts it is only the tip of the iceberg.
“With a verified list tied to a real brand, attackers can use AI to craft phishing messages that reference real orders, transaction IDs, and purchase behavior, blurring the line between fraud and legitimate communication,” Babb warns. “That’s why the real impact often surfaces weeks or months later, once the incident is off people’s radar.”
The combination of personal data and purchase histories could allow malicious actors to exploit the information in long-term, targeted schemes such as social engineering campaigns and fraud scams.
The release of this customer dataset follows news that Under Armour faces a lawsuit over the incident, which alleges that the organization failed to properly protect sensitive customer information.