Nike is looking at claims hackers leaked internal product blueprints, leading to anxiety of counterfeit risks and competitive exposure.
Nike has confirmed it is investigating a potential cybersecurity incident after cybercrime group World Leaks claimed to have released 1.4 terabytes of company data online.
The group alleges it published more than 188,000 files, boasting the leak with a countdown on its website which ended on January 25. While Nike has not verified the breach, it said it is treating the claims seriously.
“We always take consumer privacy and data security very seriously,” a Nike statement sent to multiple publications read. “We are investigating a potential cybersecurity incident and are actively assessing the situation.”
Initial concerns focused on whether customer data had been compromised, following a similar breach at Under Armour last year which exposed information tied to tens of millions of customers.
However, emerging details suggest Nike’s case may instead involve internal corporate data, including garment measurements, material specifications and factory audits.
While that could come as a relief to consumers, analysts warn such data can still carry significant consequences. Product designs, supplier information and manufacturing processes are highly sensitive assets and exposure can fuel counterfeit markets or give competitors insight into future collections and sourcing strategies.
Insider Sport has approached Nike for comment.
What’s at stake?
Nike consistently reports global revenues above $50bn, roughly double those of its closest competitor, Adidas. It also holds partnerships across global sport, including with the NBA, NFL, Barcelona, Atlético Madrid and the German national football team, meaning any breach could have implicated its partners.
Counterfeit goods remain a persistent challenge for sportswear brands, with research published by the UK Intellectual Property Office in 2025 finding 24% of respondents admitted to knowingly purchasing counterfeit goods, with clothing, footwear and sports products among the most commonly affected categories.
Younger consumers were significantly more likely to buy counterfeits, while online channels continued to grow as a key distribution route.
Security experts say leaks of internal manufacturing and product data can accelerate those markets. Shankar Haridas, Head of UK and Ireland at ManageEngine, tells Insider Sport incidents of this scale often go further than consumer data exposure.
“Nike’s suspected attack shows how quickly a cyber incident becomes a data issue,” Haridas says.
“When attackers claim access to terabytes of internal information, the immediate concern is for operational disruption, but this is rapidly superseded by privacy concerns, with sensitive business and partner data potentially being exposed.
“For large brands, the risk rarely stops at customer records. Product roadmaps, supplier contracts, pricing models and internal comms are often just as valuable to attackers. A leak of this scale can create long-term competitive and reputational damage, even before the facts are fully confirmed.”
A rising threat
The Nike investigation follows a breach at Under Armour, when the Everest Ransomware Group claimed it had stolen 343GB of company data. The incident, which reportedly took place in November 2025, triggered class action lawsuits in the US, with customers alleging negligence and failures in safeguarding personal information.
With breaches growing more frequent and attackers continually finding ways around even the strongest defences, how organisations respond to potential attacks has become just as important as the security measures themselves
Rob Edmondson, Director of Product at CoreView, said companies facing claims like Nike’s are likely prioritising containment and recovery over attribution.
“Nike will be running fast to identify if critical IP and systems have been exposed,” he tells Insider Sport. “The biggest challenge in moments like this is the recovery process. When attackers get in, they often go after data, but also they increasingly delete and tamper with configurations.”
Edmondson added remediation can take weeks in complex enterprise environments, explaining the company will need to do a full audit to see what’s changed and may have to reconfigure their environments.
