Under Armour announced that there has been a data security issue involving users of its MyFitnessPal app.
The Baltimore–based sportswear and apparel retailer said in a statement Thursday that it had to notify users of MyFitnessPal—the company’s fitness and nutrition app and website, which lets people track their calorie intake, diet and exercise routines—that on March 25 it became aware that during February of this year an unauthorized person acquired data from users’ accounts. The company said information from roughly 150 million users was compromised.
The affected information included usernames, email addresses and passwords. No government-issued information, such as social security numbers and driver’s license information was involved, since MyFitnessPal doesn’t collect that type of info from users. Payment information data was also not affected because that’s collected and processed separately.
Under Armour said it took quick measures to determine the severity of the issue, working with a data security firm to assist in the investigation, and that it continues to monitor for suspicious activity and to coordinate with law enforcement authorities. It also said that it continues to make enhancements to its systems to detect and prevent unauthorized access to user information going forward.
The company began taking steps to alert and protect its customers four days after learning about the incident, informing them through email and in-app messaging and also providing them with information on how to protect their data moving forward. The company also required all MyFitnessPal users to change their passwords, and urged them to do so immediately.
At press time Under Armour said the identity of the unauthorized person involved in the breach was still unknown, but that the investigation is ongoing.
In this predatory cyber climate in which we live, customer data breaches have become quite the norm. In November, The Wall Street Journal reported a data breach at Forever 21 department stores, where unauthorized users acquired access to the company’s payment systems. And in November 2013, there was a highly publicized data security issue at Target, where hackers also gained unauthorized access to customers’ payment information.