Nike and Under Armour appear to be the latest high-profile targets for cyber attacks.
Ransomware gangs have been posting who their latest victims are to pressure them for ransom payments, and both Nike Inc. and Under Armour Inc. are on the list. The malware that is used prevents companies from accessing their data until payment is made to restore access. Strong-arm tactics are used to scare victim companies into meeting payment demands.
The extent of the data supposedly accessed at Nike isn’t known. Generally, the data files include, at a bare minimum, customer information, such as name, gender, email address and birthdate. In Nike’s case, it reportedly has a countdown clock set for 6 p.m. Saturday when the alleged stolen data will be released to the public if payment isn’t made. The ransomware group claiming responsibility for the breach is WorldLeaks.
“We always take consumer privacy and data security very seriously. We are investigating a potential cyber security incident and are actively assessing the situation,” Nike told Footwear News.
At Under Armour, the data breach reportedly occurred in November, with ransomware gang Everest claiming responsibility. The shoe and apparel firm is in the midst of conducting a full investigation. A source familiar with the Under Armour probe disputed reports that 72 million email addresses were obtained. This individual noted that the investigation indicates that a “fraction” of that number were compromised. Word of the breach surfaced when certain information of cusotmers were posted on a hacker forum.
“We are aware of claims that an unauthorized third party obtained certain data. Our investigation of this issue with the assistance of external cybersecurity experts is ongoing. Importantly, at this time, we have no evidence to suggest this issue has affected UA.com or systems used to process payments or store customer passwords,” Under Armour said. “Any implication that sensitive personal information of tens of millions of customers has been compromised is unfounded. The security of our systems and data is a top priority for Under Armour, and we take this issue very seriously.”
Last year, Adidas in April confirmed that an “unauthorized external party obtained certain consumer data through a third-party customer service provider.” The German sportswear brand emphasized that the affected data did not contain “passwords, credit card or any other payment-related information” The information that was accessed centered on contact information of consumers who had reached out to the brand’s customer service help desk.
One month later, The North Face was the victim of a cyber attack that relied on “credential stuffing” in an attempt to gain access to customer log-in accounts. The outdoor brand said credit card data remained safe because that information is not stored on its site.
Hackers have been targeting fashion firms overseas too, with last year’s targets including Dior, Harrods, Kering, and Marks & Spencer.
