TL;DR
A California woman filed a class action against Nike alleging the company failed to secure customer data in a 1.4TB breach.
MSM Perspective
Legal and business outlets report the lawsuit focuses on negligence in both data protection and breach notification timing.
X Perspective
Security analysts say Nike's delayed notification compounded the damage and exposed customers to extended identity theft risk.
A California woman has filed a class action lawsuit against Nike in federal court, alleging the sportswear giant failed to adequately protect customer data in a January 2026 cyberattack that exposed 1.4 terabytes of internal information [1].
The ransomware group WorldLeaks claimed responsibility for the breach, publishing the stolen data on January 24 after adding Nike to its target list two days earlier [2]. Reuters reported that Nike confirmed it was investigating a possible data breach on January 26, though the company initially described the scope as under review [3].
The lawsuit alleges negligence and breach of contract, claiming Nike failed to encrypt sensitive data and then delayed notifying affected individuals, increasing their exposure to identity theft and fraud [4]. Bloomberg Law reported that the suit was filed in late March and seeks damages on behalf of thousands of potentially affected customers [5].
The breach included not only customer information but also unreleased sneaker designs, manufacturing details, and internal corporate data, according to security researchers who reviewed the published files. Security Boulevard described the incident as a case study in what happens when ransomware groups target trade secrets rather than just personal data [6].
Nike has not publicly disclosed the total number of affected individuals. The Oregonian reported that the lawsuit alleges Nike failed to take "adequate and reasonable" steps to protect the information it collected.
-- Theo Kaplan, Portland
Sources & X Posts
News Sources