Everything we know so far about the Nike data breach

Nike has confirmed it is investigating a potential data breach amidst claims hackers have accessed sensitive company data.

Hackers behind the WorldLeaks ransomware group claim to have accessed up to 1.4TB of internal data, adding the company to its leak site.

Exact details on the data stolen by the group are yet to be revealed. However, a sample published by the group points toward design and manufacturing information.

Data shared by WorldLeaks includes directories titled “Women’s Sportswear” and “Training Resources - Factory”, for example.

At present, it does not appear that sensitive customer or employee data was compromised in the attack.

In a statement given to Infosecurity Magazine, a spokesperson for Nike said: “We always take consumer privacy and data security very seriously. We are investigating a potential cybersecurity incident and are actively assessing the situation.”

ITPro has approached Nike for additional comment and clarification.

Nike data breach could have ramifications

Initial analysis of the data dump from threat intelligence group, Justabreach, suggests the data stolen by WorldLeaks dates as far back as 2020.

While no customer data appears to have been compromised thus far, the long-term damage of this attack could be significant for the sportswear giant.

Sensitive documents on manufacturing processes and product information have been impacted.

Shankar Haridas, head of UKI at ManageEngine, said this could have huge ramifications for the company.

“For large brands, the risk rarely stops at customer records,” he said.

“Product roadmaps, supplier contracts, pricing models, and internal comms are often just as valuable to attackers. A leak of this scale can create long-term competitive and reputational damage, even before the facts are fully confirmed.”

What you need to know about WorldLeaks

WorldLeaks has claimed a number of victims in recent years, including Dell and Tata Technologies, and is believed to be the successor group to Hunters International.

The notorious threat group confirmed plans to shut down in July last year, offering victims a decryptor to regain access to stolen data. The announcement wasn’t quite a goodwill gesture, however.

Speaking to ITPro at the time, Dray Agha, senior manager of security operations at Huntress, said the group was essentially just rebranding under a new name.

David Sancho, senior threat researcher at Trend Micro, said the attack against Nike follows a dormant period for the group, which now appears to have large corporations in its crosshairs once again.

“There’s no question that World Leaks is going after large companies,” he said. “Nike is the latest and follows a ‘quiet period’ between the last observed Hunters International attack (last July) and the first attack after the group rebranded as “World Leaks” (last September).”

Sancho noted that the “standout trait” of WorldLeaks is that it’s a data exfiltration group, meaning it focuses primarily on stealing data, then asking for money in exchange for not leaking it to the public.

“This stands in contrast with the traditional ransomware strategy of encrypting the data and asking for payment in order to decrypt it.”

FOLLOW US ON SOCIAL MEDIA

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.