Nike
Analysis of the Nike data breach with 1.4TB of internal design and manufacturing data claimed stolen by WorldLeaks.
Published by the Scrutex.ai Research Team | January 2026
Disclaimer
This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.
At a Glance
Organisation
Nike
American multinational athletic footwear and apparel corporation, one of the world's largest sports brands.
Sector
Retail / Apparel
Region
United States
Date of Incident
January 22-24, 2026
Date Disclosed
January 26, 2026
Estimated Impact
Unknown (1.4TB of data)
Data Types Exposed
Product design files, technical packs, bills of materials, prototypes, schematics, factory audits, partner information, strategic presentations
Attack Type
Data Breach
Attack Vector
Claimed data exfiltration and extortion
Threat Actor
WorldLeaks (believed to be a rebrand of Hunters International, with possible ties to dismantled Hive ransomware)
Current Status
Under investigation. Nike confirmed investigating but not validated claims. No customer PII observed in leaked data.
Severity Assessment
High for corporate espionage risk. 1.4TB of internal design and manufacturing data spanning 2020-2026 allegedly exposed, including 189,000 files (as claimed by WorldLeaks). No consumer PII identified.
What Happened
In January 2026, the WorldLeaks group claimed to have stolen 1.4TB of internal Nike data including files on design and manufacturing.
The incident represents a corporate espionage risk rather than a consumer data breach. The investigation is ongoing.
Timeline
January 22-24, 2026
WorldLeaks group claims to exfiltrate 1.4TB of data from Nike systems
January 26, 2026
WorldLeaks publishes data; Nike confirms it is investigating the claims
Threat Actor Profile
WorldLeaks is believed to be a rebrand of Hunters International, which itself has possible ties to the dismantled Hive ransomware operation.
The group focuses on data exfiltration and extortion rather than traditional ransomware encryption, threatening to publish allegedly stolen data if demands are not met.
Impact and Risk Assessment
For Affected Individuals
No consumer PII has been identified in the leaked data. The impact is primarily corporate rather than consumer-facing.
Factory workers and business partners identified in audit reports and partnership documents may have some personal details exposed.
For Organisations
The claimed 1.4TB of internal data spanning 2020-2026 allegedly includes 189,000 files covering product designs, prototypes, bills of materials, and strategic presentations.
If authenticated, competitors could gain significant advantage from access to Nike's product pipeline, manufacturing processes, and strategic plans.
Factory audit reports and partner information may affect Nike's supplier relationships and manufacturing agreements.
Regulatory Context
As the breach primarily involves trade secrets and corporate data rather than consumer PII, traditional data breach notification laws may not apply. However, SEC disclosure requirements for material cybersecurity incidents apply to publicly traded companies.
What Should You Do?
If You Are a Potentially Affected Individual
No immediate action is required for Nike customers, as no consumer PII has been identified in the leaked data.
If You Are a Security or Risk Professional
Apply data classification and access controls to protect trade secrets and proprietary information. Internal design and manufacturing data should receive the same protective rigour as customer data.
Monitor for competitive intelligence exploitation and consider engaging intellectual property counsel if your organisation's confidential data may have been included in the leak.
Learnings and Recommendations
Internal design and manufacturing data theft poses competitive intelligence risks. Organisations should apply data classification and access controls to protect trade secrets and proprietary information.
Sources
This advisory is provided for informational purposes by the Scrutex.ai research team. It is based on publicly available reporting from the sources cited above. Where details are unconfirmed or disputed, we have noted this accordingly. Scrutex.ai does not independently verify internal claims made by affected organisations. Organisations concerned about their own exposure are encouraged to conduct their own assessments and seek professional advice where needed.
Stay ahead of the next breach
Scrutex monitors dark web sources, breach databases, and threat actor activity continuously, detecting exposure that affects your organisation before it becomes a headline.