Case Study: Under Armour Hack

Case Study: Under Armour Hack

Kylie Torres, Andrew Stevenson, Justin Hicks
DOI: 10.4018/978-1-7998-3487-8.ch006
(Individual Chapters)
No Current Special Offers


Under Armour purchased a fitness app, MyFitnessPal, that suffered a data breach shortly after Under Armour acquired the app. This breach made customers usernames, emails, and passwords available and for sale on the dark web. Under Armour informed its users of the breach and handled the crisis in the way they saw fit. During the investigation, it was found that Under Armour used a weaker encryption algorithm than it should have to encrypt customers' sensitive information. The company is currently in a lawsuit over the breach with one MyFitnessPal user.
Chapter Preview

Organization Background

Under Armour

The athletic footwear and apparel company Under Armour was founded and created by University of Maryland football player Kevin Plank (Under Armour Annual Report, 2018). He started the company to develop a shirt that would wick away sweat from the body. Plank’s motivation was rooted in a desire to reduce the number of sweat-soaked T-shirts he would go through during a football season. Plank teamed up with Kip Fulks, a fellow athlete and friend. Through Plank’s numerous contacts in the sports industry, the duo began selling his shirts to Georgia Tech and Arizona State University. Later, Kip Fulks would go on to be named Under Armour’s vice president of production. Since the early days of 1996, Under Armour has grown to become one of the biggest names in athleticwear. The company generated a net revenue of $4,989,244 in 2017, before increasing its revenue a year later to $5,193,185 in 2018 (Under Armour Annual Report, 2018).

Under Armour’s work culture is centered around sustainability, diversity, and charitable contributions (Under Armour Careers, n.d.). The company strives to help United States soldiers, veterans, and first responders. Due to the work culture and charitable goals of the company, Under Armour often uses its love for military and first responders in shaping its strategic planning and marketing goals (Weedon, 2012).

Under Armour has a traditional management structure for a large company. Its code of conduct is what makes its structure and decision-making process unique. The official code of conduct begins with a letter from the company’s CEO. Here is an excerpt from that letter:

As Under Armour teammates, we make key decisions every day to support the Brand. Some decisions are easy, and some can be pretty tough. Either way, it is essential that every choice we make reflects our Vision, Mission and Values, and respects the laws in every location where we do business. To ensure that we always make smart choices for our business, we created the official Under Armour Code of Conduct, and its message couldn’t be more clear. As a TEAM, we should always Make the Right Call and do what’s best for our fellow teammates and for the Brand. -Kevin Plank Chairman and CEO Under Armour

Another excerpt of interest includes the company’s stance on consumer data:


We’re committed to protecting the privacy of our consumers’ personal data everywhere. Under Armour’s Privacy Policies address our commitment to collecting, storing and using this information. We handle the storage, access and transfer of personal data in accordance with applicable laws. If teammates hear about or suspect any data incidents, immediately contact the Data Incident Response Team. (Under Armour Code of Conduct, 2019)

Key Terms in this Chapter

MyFitnesspal: A website and a phone application designed to help individuals reach their weight goals. The program is considered a health-tracking app.

Encryption: The process of masking information so that only authorized parties may view the true message or information.

Crisis Model: A theoretical model that helps a company to deal with a crisis or disaster.

Textual Analysis: A methodology that is used often in media studies. It is the process of performing an educated guess at the most likely interpretations of a text. A textual analysis is one way to interpret reality.

Hashed Password: A password that has been processed through an encryption algorithm.

SHA-1: A password hashing function that takes information and creates a 160-bit hash value.

Bcrypt: A password hashing function based on the Blowfish cipher and is also an adaptive function.

Fearn-Banks’ Five Stages of Crisis Model: A theoretical crisis model with five parts. These parts include the stages of examining the detection state, prevention/preparation, containment, recovery, and learning.

Case Study: A model used for understanding a significant issue, usually done through analyzing text.

Complete Chapter List

Search this Book: