The notorious Everest ransomware group has added sportswear giant Under Armour to its list of alleged victims, publicizing a claim that it has successfully exfiltrated a massive quantity of the company’s data. The group has posted a sample of what it describes as “more than millions of personal data” and internal corporate documents on a dark web leak site. This aggressive public posting is typical of ransomware operations that aim to pressure a target company into making a payment before the full cache of stolen information is released or sold.
The dark web post specifically asserts that the hackers accessed and stole 343GB of data from Under Armour’s internal network. The group claimed that this substantial data haul includes a “huge variety of personal documents and information of clients and employees.” The posted data sample, intended to verify the leak’s authenticity and pressure the retailer, contained sensitive personally identifiable customer information, such as email addresses, phone numbers, location data, detailed order histories, and transaction records.
Accompanying the data leak announcement, the Everest group has issued a stark deadline to Under Armour. The hackers have given the company a seven-day ultimatum to make contact, presumably to begin negotiations for a ransom payment. A countdown timer has been placed alongside a clear warning to follow their instructions, emphasizing that the window for a resolution is quickly closing “before time runs out.” This timeframe places the retailer in a difficult position, forcing a rapid decision on whether to engage with the criminals.
If the claims of this data breach are accurate, it would place thousands of Under Armour’s customers at significant risk. The exposure of sensitive personal information like email addresses and transaction data makes customers vulnerable to various malicious activities, most notably identity theft, sophisticated fraud schemes, and social engineering attacks. Consumers who believe they may be impacted should consider using identity theft protection services and closely monitor all their financial accounts and statements for suspicious activity.
To mitigate the immediate danger of social engineering following such a breach, consumers must exercise extreme caution regarding unexpected communication. The fundamental defense involves being suspicious of any unsolicited texts, calls, or emails, especially those from unfamiliar or slightly misspelled addresses. It is crucial to pay close attention to subtle red flags that indicate a message may not be legitimate, such as an email seemingly from a trusted source but originating from a slightly altered domain (for example, using “gma1l” instead of “gmail”).
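The “gma1l” versus “gmail” check described above can be automated on the receiving side. The following Python sketch is an added example, not taken from the article: the trusted-domain list, the confusable-character table, and the sample addresses are constructed for illustration, and the one-edit threshold is an assumption.

```python
# Added example: flag sender domains that imitate a trusted domain.
# TRUSTED and the confusable table are constructed samples, not a complete list.
TRUSTED = {"gmail.com", "underarmour.com"}

# Map visually confusable characters to one representative, so "i", "l",
# "1" and "|" all collapse to "l", and "0" collapses to "o".
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o"})


def skeleton(domain):
    """Return the domain with confusable characters collapsed."""
    return domain.lower().translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED, max_edits=1):
    """Return (verdict, imitated_domain) for an email address.

    verdict is "trusted" for an exact match, "lookalike" when the domain
    is within max_edits of a trusted domain after collapsing confusable
    characters, and "unknown" otherwise.
    """
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        if edit_distance(skeleton(domain), skeleton(good)) <= max_edits:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("alice@gmail.com", "support@gma1l.com",
                 "promo@underarm0ur.com", "news@example.org"):
        print(addr, classify_sender(addr))
```

An “unknown” verdict only means the domain does not resemble an entry in the list; it is not a statement that the sender is safe.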