Nike appears to be in full-on incident response mode after a ransomware group claimed to have posted a huge cache of stolen internal data.
The World Leaks group added Nike to its leak site last week, with the countdown expiring on Sunday. The full data dump is now live, with a claimed 188,000+ files exposed.
A brief Nike statement sent to Infosecurity said: “We always take consumer privacy and data security very seriously. We are investigating a potential cybersecurity incident and are actively assessing the situation.”
Folders in the data leak seen by Infosecurity have titles including “development,” “tech packs and evaluations,” and “schematics.”
According to threat intelligence group Justabreach, the leak portends a “deep compromise of [Nike’s] operational and strategic environments.” On X (formerly Twitter), it claimed the following information, dating back to 2020, has been compromised:
- R&D and products: Tech packs, bills of materials (BOMs), prototypes, schematics, design files
- Supply chain and manufacturing: Factory audits, partner info, production processes, workflows, validations
- Internal documents: Strategic presentations, employee training, internal videos, partnerships
Read more on ransomware breaches: UK Executives Warn They May Not Survive a Major Cyber-Attack, Vodafone Survey Finds.
There’s no sign yet of customer or employee personally identifiable information (PII), which means no GDPR/CCPA regulatory scrutiny for now. However, the data dump could still be immensely damaging from a commercial point of view, warned Justabreach.
Rivals and counterfeiters could use leaked blueprints for forthcoming products to their advantage, it argued. Leaked release calendars may disrupt prospective launches.
It cited anonymous “rumors” that the breach may have stemmed from unpatched vulnerabilities in Nike’s supply chain.
A Focus on Extortion-as-a-Service
According to anti-ransomware specialist Halcyon, World Leaks launched in January 2025 as a successor to the Hunters International ‘brand.’
Its operators at the time apparently claimed they wanted to move away from traditional encryption-based ransomware to offer extortion as a service via an affiliate model, focusing solely on data theft.
Pete Luban, field CISO at AttackIQ, said the compromised data could have a serious impact on Nike’s wider ecosystem of partners.
“This dramatically spikes supply chain risk since if threat actors can get a hold of logistics like shipping routes or production schedules, they can sabotage transactions, alter orders, or create fraudulent purchase requests that create a cascading effect down manufacturing and distribution channels,” he argued.
“The breach also allows the attackers to use Nike’s internal system as a foothold and gateway into partner networks, where they can use compromised credentials to coordinate phishing or invoice fraud campaigns.”
Image credit: 2p2play / Shutterstock.com
