The notorious Everest ransomware group has claimed responsibility for a major cyber breach against Under Armour, the global sportswear giant, alleging the theft of 343 GB of internal data that could impact tens of millions of customers and employees worldwide.
The announcement, posted on the group’s dark web leak site on November 16, 2025, includes a sample of stolen data to substantiate the claims, escalating concerns over potential identity theft and phishing risks.
According to Everest, the compromised dataset encompasses a vast array of personal and corporate data from Under Armour’s systems.
This includes tens of millions of customer records with transaction histories, user IDs, email addresses, physical addresses, phone numbers, passport details, gender information, and both work and personal email contacts.
Employee data from various countries is also implicated, alongside internal company documents. The sample provided by the hackers reveals sensitive customer shopping histories, product catalogs with SKUs, prices, and availability, as well as marketing logs and user behavior analytics.
These details suggest the breach targeted Under Armour’s customer relationship management, personalization, or e-commerce databases, potentially originating from marketing or product registration systems.
Everest, active since 2021, has a track record of high-profile attacks, including claims against AT&T’s service database, which exposed over 500,000 customers, 1.5 million passenger records from Dublin Airport, and internal data from Coca-Cola.
The group issued a seven-day ultimatum to Under Armour via Tox messenger, demanding contact before the countdown timer expires and threatening to leak the data if the demand is not fully met. No ransom amount was specified in the initial post, but Everest’s pattern involves escalating leaks for non-compliant victims.
Under Armour, headquartered in Baltimore, Maryland, has not yet publicly confirmed or denied the breach as of November 18. The company, which serves over 190 countries and boasts brands like MyFitnessPal (previously hit in a 2018 incident affecting 150 million customers), could face significant fallout.
Past breaches at the firm exposed usernames, emails, and hashed passwords, but spared financial data; this incident appears far broader, potentially including passports and transaction logs that enable targeted fraud.
Cybersecurity experts warn that such exposures heighten the risk of supply chain attacks and social engineering. “Ransomware teams like Everest are pivoting to information exfiltration over encryption, turning breaches into intelligence goldmines,” noted a Mandiant analyst.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has not yet listed this in its Known Exploited Vulnerabilities catalog, but similar incidents have prompted federal alerts.
Customers are urged to monitor accounts for unusual activity, change passwords on Under Armour-linked services, enable multi-factor authentication, and watch for phishing emails masquerading as breach notifications.
Enterprises should scan for Everest indicators of compromise, such as Qakbot malware or Cobalt Strike beacons, which the group often uses. Under Armour has been contacted for comment; until verified, these remain allegations, but the sample’s detail lends credibility.
