Nike is investigating a possible cybersecurity incident after a hacking group claimed it gained access to the company’s systems and stole information. The group has warned that the data will be released publicly unless a ransom is paid, raising concerns about digital safety and customer privacy.
The claim appeared on January 22, when Nike was listed on a dark web leak site operated by a group called WorldLeaks. A countdown timer on the site shows that the allegedly stolen data could be published on January 24 if no payment is made. Nike has confirmed that it is aware of the situation and has launched an internal investigation.
How the Incident Was Discovered
WorldLeaks posted Nike’s name on its hidden website, which is used to pressure companies by threatening to release stolen data. These sites are not accessible through normal internet browsers and are commonly used by cybercriminal groups.
The hackers did not explain how they accessed Nike’s systems or what type of information they claim to have stolen. They also did not provide proof of the data theft. Because of this, it is not yet clear whether customer information, employee records, business documents, or other sensitive material was involved.
Footwear giants slash jobs as layoffs sweep Nike, Adidas, Puma and the retail sector
Nike responded with a statement saying it takes consumer privacy and data security very seriously. The company said it is investigating a potential cybersecurity incident and is actively reviewing the situation. At this time, Nike has not confirmed any data loss or system breach.
The company has also not shared whether it plans to pay a ransom or whether law enforcement or cybersecurity agencies have been contacted. Many companies avoid paying ransoms because payment does not guarantee the safety of the data and may encourage future attacks.
Who Is Behind the Cyber Claim Against Nike?
WorldLeaks is a cybercrime group that emerged in 2025 after the shutdown of another hacking group known as Hunters International. Hunters International had been active since late 2023 and was known for using ransomware, which locks systems and demands payment to restore access.
WorldLeaks uses a different approach. Instead of locking systems, the group focuses entirely on stealing data and threatening to publish it. This method, known as data extortion, allows hackers to pressure companies without interrupting their operations.
Cybercrime group Everest says it stole nearly 900GB of Nissan data in major attack
The group’s dark website currently lists nearly 120 alleged victims from different industries, including technology companies, service providers, and retail brands. In at least one previous case, a company said the hackers had only accessed synthetic or publicly available information. However, there is no confirmation that this applies to the Nike case.
So far, WorldLeaks has not shared any proof to support its claims about Nike, and the company has not verified that any data was taken.
What This Means for Customers and the Retail Industry
The situation involving Nike comes shortly after another major clothing retailer announced it was investigating a data breach involving customer email addresses and other personal information. These incidents show that retail companies are becoming frequent targets for cybercriminals.
Retail brands store large volumes of personal data, such as names, email addresses, phone numbers, payment information, and purchase histories. This makes them valuable targets for hackers who want to sell or misuse stolen data.
If personal information is compromised, customers may face risks such as phishing emails, scam messages, identity theft, or unauthorized financial activity. For companies, cyber incidents can harm customer trust, damage brand reputation, and lead to financial losses or legal consequences.
China Warns U.S. Over Arbitrary Sanctions in Cybersecurity Clash
At this stage, Nike has not confirmed that any customer or employee data has been affected. Customers have not been asked to take any specific action, as the investigation is still ongoing. However, cybersecurity experts often advise staying alert for unusual messages or account activity whenever such claims arise.
Nike continues to assess the situation, and no further technical details have been released. The company has not confirmed whether the alleged incident involved internal systems, third-party vendors, or external platforms. The investigation remains active, and no official confirmation has been provided regarding the scope or impact of the alleged cyber incident.
