Data Breach Retail / Apparel · United States · January 2026

Nike

Analysis of the Nike data breach with 1.4TB of internal design and manufacturing data claimed stolen by WorldLeaks.

Records Affected

Unknown (1.4TB of data)

Attack Type

Data Breach

Location

United States

Data types exposed

Product design files technical packs bills of materials prototypes schematics factory audits partner information strategic presentations

What Happened

In January 2026, the WorldLeaks group claimed to have stolen 1.4TB of internal Nike data including files on design and manufacturing.
The incident represents a corporate espionage risk rather than a consumer data breach. The investigation is ongoing.

Timeline

  • January 22-24, 2026 — WorldLeaks group claims to exfiltrate 1.4TB of data from Nike systems
  • January 26, 2026 — WorldLeaks publishes data; Nike confirms it is investigating the claims

Threat Actor Profile

WorldLeaks is believed to be a rebrand of Hunters International, which itself has possible ties to the dismantled Hive ransomware operation.
The group focuses on data exfiltration and extortion rather than traditional ransomware encryption, threatening to publish allegedly stolen data if demands are not met.

Impact and Risk Assessment

For Individuals

No consumer PII has been identified in the leaked data. The impact is primarily corporate rather than consumer-facing.
Factory workers and business partners identified in audit reports and partnership documents may have some personal details exposed.

For Organisations

The claimed 1.4TB of internal data spanning 2020-2026 allegedly includes 189,000 files covering product designs, prototypes, bills of materials, and strategic presentations.
If authenticated, competitors could gain significant advantage from access to Nike's product pipeline, manufacturing processes, and strategic plans.
Factory audit reports and partner information may affect Nike's supplier relationships and manufacturing agreements.

Regulatory Context

As the breach primarily involves trade secrets and corporate data rather than consumer PII, traditional data breach notification laws may not apply. However, SEC disclosure requirements for material cybersecurity incidents apply to publicly traded companies.

What Should You Do?

For Individuals

  • No immediate action is required for Nike customers, as no consumer PII has been identified in the leaked data.

For Security Professionals

  • Apply data classification and access controls to protect trade secrets and proprietary information. Internal design and manufacturing data should receive the same protective rigour as customer data.
  • Monitor for competitive intelligence exploitation and consider engaging intellectual property counsel if your organisation's confidential data may have been included in the leak.

Learnings and Recommendations

Internal design and manufacturing data theft poses competitive intelligence risks. Organisations should apply data classification and access controls to protect trade secrets and proprietary information.
This advisory summarises a publicly reported cybersecurity incident for educational purposes. Information is sourced from publicly available reports and may include claims that are unverified or disputed. Inclusion does not imply fault or negligence by the affected organisation.
Back to all advisories