How Nike is Responding After Potential Data Breach

With the dust having barely settled following a reported data breach at Under Armour, the defences of another sportwear giant are now coming under microscope. 

Nike is reported to have suffered a similar attack, with ransomware group World Leaks claiming responsibility. It says 1.4 terabytes of data belonging to Nike have been published. 

“We always take consumer privacy and data security very seriously,” said Nike, according to Reuters. “We are investigating a potential cyber security incident and are actively assessing the situation.”

Rob Edmondson, Director of Product at CoreView, comments: “Nike will be running fast to identify if critical IP and systems have been exposed.

“The biggest challenge in moments like this is the recovery process. When attackers get in, they often go after data, but also they increasingly delete and tamper with configurations.  

“Nike will need to do a full audit to see what’s changed and may have to reconfigure their environments – something that can take weeks in a big complex environment like Microsoft 365. 

“Stopping attackers at the start matters, but in a long race, resilience is defined by the ability to withstand impact, respond under pressure and recover at machine speed.”

What is the World Leaks ransomware group?

World Leaks emerged in January 2025 following a rebrand of Hunters International, which, according to Halcyon’s Ransomware Research Center, ceased operations in July 2025. 

Operating primarily as an extortion-as-a-service (EaaS) platform, World Leaks claimed its first victim in April 2025 – after arriving on the scene much earlier, a dormancy period which Halcyon attributes to internal infrastructure issues. 

The group is distinguishable by its signature four pillar infrastructure: a public leak site where each new attack is posted; a negotiation portal with a live chat feature for victims; an affiliate management panel; and an 'Insider Journalist' platform, which gives media outlets 24-hour advanced access to stolen data before public release. 

David Sancho, Senior Threat Researcher at Trend Micro says: “World Leaks is not a major ransomware player if we’re judging by the intrusion sets most commonly seen in ransomware incidents over recent months.

“But there’s no question that World Leaks is going after large companies. Nike is the latest and follows a ‘quiet period’ between the last observed Hunters International attack (last July) and the first attack after the group rebranded as “World Leaks” (last September).

“The standout trait of this actor is that they’re a data-exfiltration ransomware group. This means that they focus on stealing data and asking for money in exchange for not leaking it out to the public.

“This stands in contrast with the traditional ransomware strategy of encrypting the data and asking for payment in order to decrypt it.”

How does World Leaks operate? 

World Leaks is known to prioritise valid credential exploitation, where environments are either misconfigured or lack multi-factor authentication (MFA), according to Halcyon. 

Organisations with exposed remote access entry points such as VPNs (virtual private networks), RDP (remote desktop protocol) and other public-facing applications that store sensitive information are the group’s primary targets.

Environments still employing end-of-life SonicWall SMA 100 equipment were suffering serious security issues as of late 2025 and are actively exploited by World Leaks. 

Organisations with weak data leak prevention (DLP) and endpoint security are also prime victims of World Leaks. 

Halcyon’s observation of World Leaks' attack data shows that exploitation of compromised VPN credentials is the most common attack tactic of World Leaks. 

Data breaches in focus on Data Privacy Day 

As prominent cyber criminals continue exposing sensitive data, the UK is set to observe Data Privacy Day on 28 January, which forms part of a wider Data Privacy Week.

“It’s been a big year since the last Data Privacy Day," says Andre Troskie, EMEA Field CISO at Veeam Software. 

“AI has transitioned from runaway hype into a real business advantage – putting data squarely under the spotlight. There’s only one catch: organisations have to learn to walk the tightrope between keeping data secure, without compromising usability.

“If the nearly two decades of Data Privacy Day have taught us anything, it should be to never neglect the foundations of data resilience. 

“We should treat this not as a yearly reminder, but as an ongoing observance – that straying too far into new tech like AI without the basics in place can only spell trouble. 

“New tools, confidence and even AI breakthroughs can crumble in an instant if just one of those foundational data resilience measures is missing. So, when building with AI, let’s make sure we’ve done the groundwork first.”