In the latest news that has security teams scrambling to shore up their defenses, the Everest ransomware group posted a threat notice on its dark leak site involving global sportswear giant Under Armour. The group claims to have stolen “millions of personal data,” along with internal company files, and even posted samples to prove it.
Although the Under Armour data heist remains unconfirmed, the incident has made headlines.
What Does Everest Claim They Stole From Under Armour?
Everest says it grabbed about 343GB of internal data.
According to the group’s post, the stolen trove includes personal documents tied to clients and employees. They also claim to have obtained sensitive internal records, fueling concerns about internal document exposure and the potential fallout.
Everest posted a publicly visible countdown clock in its announcement of the Under Armour data heist, giving the company seven days to contact the group. It’s a not-so-subtle way for the hackers to say they want to talk money, and a prime example of cyber-extortion behavior.
If the Everest claim against Under Armour shows anything, it’s that encryption isn’t even the main event anymore. It’s almost a side quest now, as the real money comes from the threat of leaked PII, regulatory consequences, and reputational carnage. A handful of leaked files is bad enough, but hundreds of gigabytes can knock a brand sideways for months.
What You Can Learn From the Under Armour Data Exfiltration Claims
A lot of smaller businesses tell themselves, “Hackers won’t bother with us.”
But that’s the trap. Hackers like Everest cast a wide net, often exploiting basic vulnerabilities, such as exposed credentials, unpatched systems, or employees clicking on phishing emails. From there, they quietly move through internal systems until they find something worth stealing.
If Everest could potentially pull off this level of internal document exposure and data exfiltration against a publicly traded company with a serious security budget, your company is definitely not too small to be a target.
As Under Armour sorts out what actually happened, you can apply some lessons from the news now:
- Segment your network. If attackers get in through a phishing email, they shouldn’t be able to access everything.
- Audit your access points. Know who can access what, and tighten anything that feels too open.
- Encrypt data at rest and in motion. If attackers grab encrypted information, it’s far less useful to them.
- Enable MFA. Most breaches involve weak or stolen passwords, so add more protection.
- Install patches. Most ransomware crews still exploit known vulnerabilities, so implement automated patching and test it monthly.
- Use the 3-2-1-1 rule for backups. Keep three copies of your data on two different media, one offline and one immutable. Everest can’t extort you over data you can recover in hours.
- Review your incident response plan. If you haven’t run a tabletop exercise in the last year, it’s overdue.
Staying One Step Ahead of Hackers
The Everest Under Armour data heist is the latest reminder that cyber-extortion threats are getting bolder and more sophisticated. You can’t eliminate risk, but with strong security hygiene, you can dramatically reduce the odds of becoming a victim.
