Ransomware Gang Claims Massive Data Theft as Nike Probes Potential Cybersecurity Incident

Extortion group alleges theft of 1.4 TB of internal data, prompting investigation by the global sportswear brand.

Nike has confirmed that it is investigating a potential cybersecurity incident after a ransomware group claimed to have stolen a massive volume of internal data from the company.

The incident came to light after the World Leaks ransomware gang listed Nike on its dark-web leak site, alleging it had exfiltrated 1.4 terabytes of corporate data containing internal business information.

What Is Known So Far

According to the threat actors, the stolen dataset includes nearly 190,000 files related to Nike’s internal operations. However, Nike has not confirmed any data theft, and the claims have not been independently verified.

In a statement, the company said:

“We always take consumer privacy and data security very seriously. We are investigating a potential cybersecurity incident and are actively assessing the situation.”

Leak Site Entry Removed

Shortly before wider reporting, the ransomware group removed Nike’s listing from its leak site. This move often indicates:

Ongoing ransom negotiations, or
A possible private resolution between the attackers and the victim

Nike has not commented on whether negotiations took place or whether any ransom was paid.

About the Threat Actor

World Leaks is widely believed to be a rebrand of Hunters International, a ransomware operation that emerged in late 2023.

In early 2025, the group reportedly shifted away from traditional file encryption attacks toward data-theft-only extortion, citing increased law-enforcement pressure and declining profitability.

Hunters International itself was previously suspected to be linked to the defunct Hive ransomware operation due to technical similarities.

A Pattern of High-Profile Victims

The group has claimed responsibility for breaches affecting organizations across multiple sectors, including:

Government agencies
Manufacturing and technology firms
Defense and critical infrastructure contractors

Affiliates linked to the operation were previously associated with attacks involving:

A product demonstration platform breach at Dell
Exploitation of end-of-life SonicWall SMA 100 devices, where custom rootkit malware was deployed

Why This Matters for Enterprises

This incident highlights a growing trend:

Ransomware groups prioritizing data theft over encryption
Increased pressure through public leak threats
Reduced recovery options once data is exfiltrated

Even without confirmation of data exposure, the reputational and regulatory risks for global brands remain significant.

Current Status

Nike continues to assess the situation
No confirmed data breach details have been released
No customer or employee notifications have been issued so far

Further updates are expected as the investigation progresses.

Over 20,000 Instagram Accounts Hijacked Through Meta AI Support Flaw

Nottingham University Data Breach Exposes Records of More Than 450,000 Students

DragonForce Ransomware Hides C2 Traffic Inside Microsoft Teams Infrastructure

North Korean Hackers Weaponize Developer Tools to Turn Code Workflows Into Malware Delivery Channels

Anthropic Unveils Claude Fable 5 with Built-In Cyber Safeguards as AI Security Enters a New Era

ATHR AI Vishing Platform Automates Voice Phishing at Scale

How Modern Businesses Can Measure Cyber Risk in Financial and Operational Terms Instead of Technical Guesswork

What Is Wiper Malware in Cybersecurity? Understanding One of the Most Destructive Types of Cyber Attacks

Why Delaying Software Updates Can Put Your Entire Digital Security at Risk

How Attackers Abuse Legitimate Windows Tools: Understanding LOLBins and Living-Off-the-Land Attacks

Brave Launches Paid ‘Origin’ Browser for Users Seeking a Cleaner, Privacy-First Experience

Apple Blocks $11 Billion in App Store Fraud as Mobile Threats Continue to Rise

Ransomware Gang Claims Massive Data Theft as Nike Probes Potential Cybersecurity Incident