Under Armour’s Low Key Mega Breach

As March Madness finishes up, with Villanova and Notre Dame both victorious, the eyes of sports fan turn back to the NBA, and its own approaching playoff season.  One of the league’s biggest marketing partners, however, now finds itself a victim of one of the largest data breaches in history.

Under Armour is sponsor of some of the brightest stars in the sport.  In 2017 alone, its total sales reached $5 billion.  Recently, the company announced that MyFitnessPal, its data and fitness mobile app, had been compromised in February, to the tune of 150 million accounts.  The data included user names, passwords and email addresses.  Although more sensitive financial data remained untouched, what was accessed is sufficient for fraud schemes.  After learning about it on Thursday, the company immediately began notifying app users and requiring them to change their passwords.  More details remain unclear.

Not that this has stopped Under Armour shares from dropping 3%.

Considering the particulars of this case, it is surprising how it’s in the same top five as the likes of the Yahoo breach in 2013.  And that was 3 billion accounts.  Even the Equifax hack only totaled 145 million accounts.

Again, though, it only took a few days for Under Armour to start alerting its users to the breach, and I think it should be commended for that, at least.  Equifax and Uber, by contrast, took their sweet time.  Over a month and over a year, respectively.

While consumer trust may not be at a premium just yet, the trend is in that direction.  Transparency and accountability from a business to its users will continue to grow in importance.

That is certainly something, as an aside, that Facebook CEO Mark Zuckerberg seems to acknowledge.  Indeed, just today it was announced he had agreed to testify before the House Energy and Commerce Committee on the Cambridge Analytica scandal.

We’ve seen by now the long held predictions come to fruition.  Personal data has been used not only in financial crimes, but is now key to international political incidents, or targeting critical infrastructure.  Consumer awareness of their data and its security will have to improve.  March may be over, but the madness sure isn’t.


By: Jonathan Weicher, post on April 4, 2018
Originally published at: http://www.netlibsecurity.com
Copyright: NetLib Security