Clothing retailer Under Armour is investigating a recent data breach that purloined customers’ email addresses and other personal information, but so far there are no signs the hackers stole any passwords or financial information.
The breach is believed to have happened late last year, and affected 72 million email addresses, according to information cited by the cybersecurity website Have I Been Pwned.
Some of the records taken also included personal information that included names, genders, birthdates and ZIP codes.
In an Under Armour statement acknowledging its investigation into the claims of a data breach, the Baltimore-based company said: “We have no evidence to suggest this issue has affected UA.com or systems used to process payments or store customer passwords. Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded.”
Have I Been Pwned CEO Troy Hunt said that he agrees with Under Armour’s assertion, based on the information that has emerged so far. But he also said he was surprised by the lack of an official disclosure statement from the company.
“That’s unusual, especially given the size of the organisation, the scale of the breach and the amount of time that has passed since the incident,” Hunt, based in Australia, wrote by email Thursday. “In their defence, they’re also the corporate victim of malicious criminal activity and I’m sure they’ve had their hands full dealing with the fallout.”
Related: Traveler Information Stolen in Eurail Data Breach
Related: 42,000 Impacted by Ingram Micro Ransomware Attack
Related: 750,000 Impacted by Data Breach at Canadian Investment Watchdog
Related: Central Maine Healthcare Data Breach Impacts 145,000 Individuals
