"On Jan. 21, 2026, according to Have I Been Pwned , a website verifying if email addresses have been exposed in breaches, a customer dataset from the incident was published on a hacking forum. This exposed dataset includes 72 million email addresses. In addition, personally identifiable data such as names, birthdates, genders, locations and purchases have been leaked."
"Rob Babb, Exposure Management Strategist at Seemplicity, states, "The most important thing to understand about incidents like this isn't the sheer number of emails exposed. It's what those addresses unlock next." While the exposure of 72 million emails is a concern, Babb asserts it is only the tip of the iceberg. "With a verified list tied to a real brand, attackers can use AI to craft phishing messages that reference real orders, transaction IDs, and purchase behavior, blurring the line between fraud and legitimate communication," Babb warns. "That's why the real impact often surfaces weeks or months later, once the incident is off people's radar.""
In November 2025, Under Armour experienced a cyber incident after ransomware gang Everest claimed to have accessed 343GB of company data. On Jan. 21, 2026, a customer dataset from the incident was published on a hacking forum and verified via Have I Been Pwned. The dataset contains 72 million email addresses and additional personally identifiable information, including names, birthdates, genders, locations and purchase histories. Security experts warn that exposed addresses enable attackers to craft highly convincing, AI-assisted phishing that references real orders and transaction details. The breach has prompted a lawsuit alleging failure to protect sensitive customer information.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]