Nike Probes Data Breach Following Hacker Leak
▼ Summary
– Nike is investigating a potential cybersecurity incident after the World Leaks ransomware gang claimed to have stolen and leaked 1.4 TB of its corporate files.
– The extortion group added Nike to its dark web leak site but later removed the entry, suggesting possible negotiations or a ransom payment.
– Nike has not confirmed the data theft, and the legitimacy of the leaked files has not been independently verified.
– World Leaks is believed to be a rebrand of the Hunters International ransomware group, which shifted to data theft and extortion-only attacks in early 2025.
– This group and its affiliates have a history of targeting major organizations, including U.S. government agencies and large corporations like Dell.
Nike is currently examining a significant cybersecurity event after a ransomware group known as World Leaks published a massive trove of data online. The sportswear company acknowledged it is looking into a “potential cyber security incident” and emphasized its commitment to consumer privacy and data security. The hacker collective claims to have stolen approximately 1.4 terabytes of information, equating to nearly 190,000 files detailing Nike’s internal business operations.
Before reports circulated widely, the entry for Nike was removed from World Leaks’ dark web leak site. This action often indicates ongoing negotiations between a victim and attackers, or that a ransom payment has been made to suppress the stolen data. Nike has not verified the hackers’ assertions, and the authenticity of the leaked files remains unconfirmed by independent analysis.
The World Leaks group is widely considered a rebrand of the Hunters International ransomware operation. This shift occurred in early 2025 when the actors abandoned file encryption in favor of pure data theft and extortion, stating that traditional ransomware had become too risky and unprofitable. Hunters International itself, active since late 2023, has been connected to over 280 attacks and shares code similarities with the notorious Hive ransomware gang.
This group has targeted a wide array of high-profile organizations. Their list of victims includes the U.S. Marshals Service, technology firm Tata Technologies, optics manufacturer Hoya, automotive retailer AutoCanada, and U.S. Navy contractor Austal USA. Since appearing, World Leaks has published stolen data from dozens of global entities on its dedicated leak website.
In related activity from earlier this year, affiliates of World Leaks were implicated in breaching a Dell product demonstration platform. They also exploited vulnerabilities in outdated SonicWall SMA 100 devices to deploy a sophisticated rootkit malware called OVERSTEP onto compromised systems. These incidents highlight the group’s aggressive tactics and broad targeting across multiple sectors.
(Source: Bleeping Computer)
