Apparel giant Varsity Brands this week disclosed a data breach impacting a significant number of individuals.
Varsity provides uniforms, apparel and services for sports teams, schools, and student-athletes. The company was recently acquired by investment firm KKR, reportedly for $4.75 billion.
Varsity informed the Maine Attorney General’s Office this week that it detected “unusual activity” on its systems in May 2024.
“Upon detection, we promptly took steps to stop the activity and took certain systems offline. An investigation was launched with assistance from external cybersecurity experts. We also notified law enforcement,” Varsity said in a letter sent to impacted individuals.
The investigation showed that the intruder obtained “a small subset of company files” that stored personal information.
Varsity told the Maine AGO that over 65,000 individuals have been impacted and they have been offered free credit monitoring and identity theft protection services for 24 months.
The company’s brief description of the incident suggests that it may have been targeted in a ransomware attack. However, no known ransomware group has taken credit for an attack on Varsity Brands. On the other hand, it’s possible that the company paid a ransom to the attackers, which would explain why it hasn’t been named by cybercriminals.
SecurityWeek reached out to Varsity Brands for additional information on the incident — specifically on whether it involved ransomware — but the company said it’s not providing any further comment at this time.
*updated after Varsity responded to SecurityWeek
Related: Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches
Related: Casio Confirms Data Breach as Ransomware Group Leaks Files
