Under Armour data breach exposes 150M MyFitnessPal users

Under Armour’s health and fitness app suffered a data security breach that exposed the personal data of roughly 150 million users, the Baltimore company disclosed Thursday.

The data breach, which occurred in February, exposed usernames, hashed passwords and email addresses related to user accounts on MyFitnessPal. Under Armour said more sensitive information, such as credit card information, driver’s license or Social Security numbers were not exposed because they are either not collected or processed separately from the app.

“Under Armour is working with leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities,” the company said in a statement.

The company began alerting users through email and app notifications on Thursday afternoon after first learning of the breach on March 25. The circumstances of the breach, such as how it occurred and who is responsible, have yet to be determined.

“The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately,” the statement added.

Under Armour shares fell more than 2% in after-hours trading. After a challenging 2017 marked by sagging revenues and tough competition in North America, Under Armour had rallied in recent months, with shares up more than 40% since November.

The Baltimore Sun was first to report the data breach. Founded by former University of Maryland football player Kevin Plank in 1996, Under Armour paid $475 million to acquire MyFitnessPal in 2015.