Nike Investigating Potential Data Breach as Cybersecurity Experts Warn of Shift in Attack Tactics

Nike has confirmed it is investigating a potential cyber security incident after a cybercrime group claimed to have accessed company data, prompting warnings from Irish cybersecurity experts about evolving criminal tactics that prioritize data theft over traditional ransomware.

The sportswear giant released a statement following claims by the group World Leaks, which reported publishing 1.4 terabytes of Nike data on its website. Reuters was unable to immediately verify the claims or download the alleged data.

Nike said in a statement: "We always take consumer privacy and data security very seriously. We are investigating a potential cyber security incident and are actively assessing the situation."

The company declined to comment on specific details of its investigation or whether any ransom demand had been made or paid.

ESET Ireland, responding to the incident today, said the Nike situation reflects a significant shift in cybercriminal behaviour, with attackers increasingly abandoning traditional ransomware tactics in favour of stealing data first and exploiting the uncertainty during company investigations.

George Foley, security spokesperson for ESET Ireland, said:

"We are seeing a clear change in attacker behaviour. Rather than locking systems and demanding ransom, many groups now focus on taking data and creating pressure while organisations are still trying to understand what happened. The lack of clarity becomes the leverage."

ESET Ireland said this approach allows criminals to cause disruption without deploying malware, while creating opportunities for fraud, impersonation and social engineering during the investigation phase.

Foley added:

"When an incident is still unfolding, consumers are more likely to trust messages that reference a brand they use and a situation they have seen in the news. Attackers exploit that gap. Even if no customer data is ultimately involved, the risk period is real."

The cybersecurity firm advised consumers to exercise caution with unsolicited emails, texts or messages referencing account checks, password resets or security reviews linked to high-profile brands. Users should access accounts only through official websites or apps and avoid acting on messages designed to create urgency.

The Nike incident comes as the company works to re-establish itself as the world's dominant sportswear brand amid market share losses to smaller rivals. Nike shares were flat as of late morning on Monday, according to Reuters.

It remains unclear whether the breach might have affected data at Nike's wholesale partners, including Dick's Sporting Goods, Macy's and JD Sports. The retailers either did not respond to requests for comment or had no immediate comment.

Data breaches have caused significant financial damage to major corporations in recent years. MGM Resorts International suffered losses of at least $100 million from a 2023 attack, while Clorox reported a drop of more than $350 million in quarterly net sales following its breach. UnitedHealth Group also experienced a major attack during this period.

For more information, visit www.eset.com/ie