Cyber Threat Radar – Nike is investigating a potential cybersecurity incident after threat group WorldLeaks claimed responsibility for stealing 1.4 terabytes of internal company data.
The stolen material, which has been partially published online, includes 188,000 files allegedly tied to Nike’s design and manufacturing processes.
While the company has not confirmed the breach, filenames shared by the attackers point toward core business assets, suggesing the data could impact Nike’s intellectual property, product workflows and supplier operations. Filenames shared were labelled:
- Women’s Sportswear
- Garment Making Process
- Training Resource Factory
Nike said it is actively assessing the situation but declined to provide specifics. “We always take consumer privacy and data security very seriously,” a spokesperson told The Register. There has been no public confirmation of any ransom demand or data involving customers or employees.
Nike Data Breach Appears To Target Intellectual Property
Unlike traditional breaches that focus on stealing customer credentials, this attack appears to centre on intellectual property. Internal design files, training materials and factory guidance may not trigger mandatory breach disclosures, but they pose serious commercial risk.
If authentic, this leak could expose Nike to copycat designs, knockoff production or grey-market exploitation across its global supply chain. In sectors like fashion and sportswear, where speed and innovation define success, the loss of proprietary manufacturing methods can erode a brand’s competitive edge overnight.
WorldLeaks appears to be a rebrand of the Hunters International group, which itself may have ties to the dismantled Hive ransomware operation. Their shift away from ransomware encryption toward pure data theft and extortion reflects a wider industry trend. With fewer victims paying for decryptors, data exfiltration now offers more leverage.
The attack on Nike comes just weeks after Under Armour confirmed a data breach involving 72 million user accounts. Together, these incidents suggest the sportswear industry, with its expansive digital footprint and fragmented global partners, is fast becoming a high-value target.
The New Risk Surface: Internal Screens, Not Just Servers
Although the exact attack method behind the Nike data breach remains unknown, cybersecurity experts warn that many extortion groups now prefer methods that do not rely on malware payloads. Instead, they use stolen credentials or infiltrate supply chain communications to gain access.
Increasingly, attackers are also using AI-powered malware to quietly capture what users see on-screen. These tools employ OCR and JSON extraction to harvest sensitive data from internal apps, design platforms or virtual desktops.
SentryBay’s Armored Client offers protection at the point of visibility, blocking screen captures, intercepting keylogging, and stopping data theft before it begins. It delivers continuous defence in environments where traditional perimeter models fail.
“Attackers no longer need to breach the database,” commented Tim Royston-Webb, CEO of SentryBay. “If they can see the screen, they can see the strategy. Intellectual property, source code, even designs are all fair game now. Businesses must rethink what it means to be secure.”
In the absence of confirmed ransom details, it remains unclear how Nike will proceed. But the breach serves as a powerful reminder that data security is no longer just about protecting customer records. Internal systems, supplier portals, and workflow platforms are the new frontier, and they are just as exposed.
