Nike Investigates Data Breach After WorldLeaks Ransomware

Sportswear giant Nike has launched an investigation into a potential cybersecurity incident after WorldLeaks, a financially motivated ransomware group, claimed responsibility for a significant data breach affecting the company.

The group announced the breach on its darknet leak site on January 22, 2026, claiming to have exfiltrated over 1.4 terabytes of internal data and threatening to release the stolen information if ransom demands were not met.

Nike confirmed its awareness of the alleged incident in an official statement, noting that it is “actively assessing the situation” and takes consumer privacy and data security seriously.

However, the athletic footwear manufacturer provided minimal details regarding the scope of the breach or whether customer information was compromised in the attack.

Scope of Alleged Data Exposure

According to WorldLeaks’ claims, the exfiltrated data includes internal company documentation, customer information, employee credentials, supply chain records, and manufacturing operations archives spanning the past five years.

Industry analysts suggest the compromised dataset could reach several terabytes based on the group’s historical attack patterns.

Initial reports indicate approximately 481,183 compromised user accounts, 220 employee records, and 444 third-party employee credentials may have been exposed.

WorldLeaks emerged in January 2025 as a strategic rebrand of the now-defunct Hunters International operation.

The group operates using an extortion-only model, focusing exclusively on data theft rather than file encryption, enabling faster attack execution and reducing detection risk.

Cybersecurity researchers believe some WorldLeaks administrators maintain connections to the Hive ransomware operation, which law enforcement dismantled in 2023.

Since its formation, WorldLeaks has claimed over 116 victims, including high-profile targets such as Dell Technologies, where the group allegedly stole 1.3 terabytes of data.

Intelligence reports indicate the group typically gains initial access through compromised legitimate websites, phishing campaigns with malicious attachments, unpatched internet-exposed applications, and VPNs lacking multi-factor authentication.

This incident marks the continuation of coordinated cyberattacks targeting the retail and athletic apparel sectors.

Last week, Under Armour disclosed that hackers had posted millions of customer records on an online forum, raising questions about whether the Nike and Under Armour incidents are connected.

Security experts recommend that organizations implement mandatory multi-factor authentication on all remote access points.

The incident underscores the persistent threat posed by sophisticated ransomware groups targeting high-value organizations with significant intellectual property holdings.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.