Nike investigates possible data breach

At the end of January 2026, the US company Nike announced that it was investigating a possible cybersecurity incident following allegations by a group of cybercriminals known as WorldLeaks. The alleged incident began to become public around January 22–26, 2026, when the group claimed to have obtained and disclosed a large amount of Nike's internal data on the dark web. The news spread rapidly through international agencies and cybersecurity media outlets.
WorldLeaks, a cybercrime collective, claimed to have published 1.4 terabytes of data stolen from Nike, which would include some 190,000 files related to its internal operations. Although Nike has not independently confirmed the legitimacy of these files, the company said it was investigating the possible incident and working to understand the situation. There has been no public confirmation that customer, employee, or external business partner data has been exposed, nor has it been disclosed whether a ransom or payment demand was made.
As of mid-February 2026, the incident remains under active investigation, with Nike assessing the actual scope of the alleged data breach and yet to confirm whether the leaked files belong to its systems or contain sensitive information belonging to third parties. Nike is expected to update regulatory authorities, strengthen its internal defenses, and, depending on how it plans its crisis management strategy, may issue broader public statements or notify potentially affected parties once the investigation is complete and the facts have been verified.