Key Takeaways
- Nike is investigating a potential cyber security incident after a cybercrime group claimed to have stolen data from its systems
- The cybercriminals, known as WorldLeaks, have listed Nike as a victim on their Tor-based leak website and are threatening to release the stolen data unless a ransom is paid
- The type and amount of data allegedly stolen from Nike have not been specified
- WorldLeaks has been active since 2025 and has concentrated on data theft and extortion, with nearly 120 alleged victims listed on their website
- The incident is the latest in a series of high-profile data breaches, including those affecting Under Armour, Dell, and others
Introduction to the Incident
Nike has launched an investigation into a potential cyber security incident after a cybercrime group claimed to have stolen data from its systems. The athletic footwear and apparel giant was listed as a victim on the Tor-based leak website operated by the WorldLeaks gang on January 22, and a timer indicates that the stolen data will be made public on January 24, unless a ransom is paid. The cybercriminals have not specified how much or what type of data they allegedly stole from Nike, leaving the company and its customers in a state of uncertainty.
Nike’s Response to the Incident
In response to the incident, Nike has stated that it takes consumer privacy and data security very seriously and is actively assessing the situation. "We always take consumer privacy and data security very seriously," Nike told SecurityWeek. "We are investigating a potential cyber security incident and are actively assessing the situation." The company’s prompt response is a positive step in addressing the incident, but the lack of information about the type and amount of data stolen has raised concerns among customers and security experts.
The WorldLeaks Cybercrime Group
The WorldLeaks cybercrime group emerged in 2025, following the shutdown of Hunters International, a ransomware group active since late 2023. With the transition to WorldLeaks, the cybercriminals stopped using file-encrypting malware and have concentrated entirely on data theft and extortion. At the time of writing, the WorldLeaks website names nearly 120 alleged victims, including Dell, which in July 2025 said the hackers had only stolen synthetic or publicly available information. The group’s shift in tactics has raised concerns among security experts, as data theft and extortion can be just as damaging as ransomware attacks.
Recent Data Breaches
The news of a potential intrusion at Nike comes shortly after clothing retailer Under Armour announced that it’s investigating a data breach involving customers’ email addresses and other personal information. This incident is the latest in a series of high-profile data breaches, including those affecting Dell, Ingram Micro, and the Canadian Investment Watchdog. The frequency and severity of these incidents highlight the need for companies to prioritize data security and invest in robust security measures to protect their customers’ information.
Implications and Concerns
The potential data breach at Nike has significant implications for the company and its customers. If the stolen data is released, it could lead to identity theft, phishing attacks, and other forms of cybercrime. Furthermore, the incident could damage Nike’s reputation and erode customer trust, ultimately affecting the company’s bottom line. As the investigation continues, Nike and its customers will be watching closely to see how the situation unfolds and what measures the company takes to prevent similar incidents in the future.
Conclusion and Recommendations
In conclusion, the potential data breach at Nike is a serious incident that highlights the need for companies to prioritize data security. The WorldLeaks cybercrime group’s shift in tactics from ransomware to data theft and extortion has raised concerns among security experts, and the frequency and severity of recent data breaches emphasize the importance of robust security measures. To prevent similar incidents, companies should invest in advanced security technologies, implement robust data protection policies, and educate their customers about the importance of data security. By taking these steps, companies can protect their customers’ information and maintain trust in the digital age.