Nike, Inc., a major US-based sportswear and apparel company, has confirmed it is investigating a potential data breach following public claims by a cybercrime group that it leaked a substantial volume of internal data. The company said it is actively assessing the situation after the incident came to light in late January 2026.
The alleged cyberattack was reported by the WorldLeaks group, a threat actor known for data theft and extortion. The group posted on its website that it had published about 1.4 terabytes (TB) of data. The listing did not include full details of what types of information were contained in the alleged leak, and neither Nike nor independent sources have verified the authenticity of the claim.
In a statement issued to media outlets, Nike said it takes consumer privacy and data security “very seriously” and is investigating a potential cybersecurity incident. The company said it is actively evaluating the matter, but did not disclose whether the alleged breach involved customer, employee, or partner information. Nike also did not provide details about the alleged data or whether any ransom demands were received or paid.
The cybercriminal group WorldLeaks reportedly emerged in 2025 after rebranding from another ransomware-linked organisation. According to reporting, the group has shifted away from traditional file-encryption ransomware tactics and now focuses on stealing corporate data and threatening public disclosure unless extortion demands are met. The group has publicly named dozens of alleged victims on its leak site, though these claims have not been independently verified in many cases.
It remains unclear what specific categories of data, if any, were affected in the reported incident. Initial reports suggest the alleged leak contains internal business data, but there are no confirmed indications that sensitive personal information, such as customer names or financial details were compromised. Nike has declined to clarify these aspects pending the outcome of its investigation.
The incident comes amid an environment of increasing cybersecurity concerns for global corporations. In recent years, numerous organisations have reported major breaches leading to significant operational disruption or financial impact, including companies in the retail, hospitality, and healthcare sectors. Nike’s announcement follows a similar investigation by Under Armour, another sportswear brand, which disclosed a separate data incident involving millions of email records.
Wholesale and retail partners of Nike, including large distributors and outlets, have not publicly commented on the situation, and it is not known whether they have been directly affected. Nike’s share price remained relatively stable in early trading after the news emerged, suggesting that investors are awaiting verified details before adjusting their positions.
The company’s investigation is ongoing. Nike has indicated that updates will be provided as more information becomes available and as the assessment of the potential cybersecurity incident progresses.