Nike is allegedly the victim of a data breach after a threat actor claimed to possess a large customer database alongside what appear to be internal application logs. The material, published by a recently created forum account, allegedly contains customer records from 2026 and technical data referencing multiple Nike services. Nike had not issued any public statement at time of publication.
Threat actor claims millions of customer records
The post alleges that data was obtained from Nike systems during June 2026 and claims approximately 40 GB of compressed CSV files were exfiltrated. According to the threat actor, the archive contains customer registration and order-related information collected during 2026, with the total number of records reportedly reaching into the tens of millions.
Based on the published samples, the alleged dataset appears to include:
- Full names
- Email addresses
- Phone numbers
- Shipping addresses
- Order information
- Checkout metadata
- Application logs
- Telemetry data
BreachNews has intentionally withheld potentially sensitive information contained in the published samples.
Technical artifacts reference Nike infrastructure
The sample files contain numerous references that appear consistent with Nike’s application environment, including checkoutpreviews, com.nike.commerce.checkout.web, nike:swoosh, AWS infrastructure, and Splunk instances ending in .nike.splunkcloud.com.
Additional entries reference authentication services, OpenTelemetry collectors, internal product management components, and Nike product identifiers. One product code visible in the samples corresponds to a legitimate Nike apparel item. While these references appear internally consistent and include names associated with Nike services, they do not independently confirm that the data originated from Nike or that unauthorized access to company systems occurred.
Authenticity remains unverified
BreachNews could not independently verify the authenticity of the alleged database or determine whether the information was obtained through unauthorized access to Nike systems.
The forum account responsible for publishing the claim has little publicly established history, making independent verification especially important. Although the samples appear internally consistent and contain detailed technical references, they should not be treated as confirmation that a breach occurred.
The Nike claim was published alongside a separate alleged breach involving medical device manufacturer Alcon by the same forum account. Both claims were posted within the same thread, although BreachNews has found no evidence linking the alleged incidents beyond their publication by the same threat actor. Read our coverage of the alleged Alcon breach here.
Potential customer impact
If the claims prove authentic, the alleged exposure could affect a significant number of Nike customers. The combination of personal information, order history, and application telemetry could increase the risk of phishing, identity fraud, and account takeover attempts.
BreachNews will post an update if Nike confirms the incident, disputes the claims, or releases additional information regarding the alleged breach.












