Nike has launched an internal investigation after extortion group WorldLeaks claimed to have seized 1.4 terabytes of company data.
According to WorldLeaks, a total of 188,347 files were stolen from the sportswear manufacturer’s systems. The Register was able to view a list of sample files with names referring to design and production processes, and not to customer databases.
Focus on design and production data
The published folders suggest that it mainly concerns internal documentation, such as product development and factory processes. Examples include folders with names such as “Women’s sportswear”, “Training equipment, factory” and “Clothing production process”. For the time being, there are no indications that customer or personnel data has been seized.
Nike confirmed that it is investigating the case, but does not confirm the claims. The company does not want to share details about the nature of the data or any ransom demands.
No ransomware
WorldLeaks is said to be the same as Hunters International, a well-known ransomware group that previously broke into the Indian technology company Tata Technologies. Instead of encrypting systems with ransomware, the group is increasingly focusing solely on data theft, followed by threats of disclosure.
The claim surrounding the data breach at Nike follows shortly after a data breach at Under Armour, in which millions of user data are said to have been seized. The incidents show that fashion and sports brands are also increasingly targeted by malicious actors.