26th January 2026 Cyber Update: Nike Investigates Massive Data Breach by WorldLeaks

Cyber News Centre's cyber update for 26th January 2026: Nike has confirmed it is investigating a major cybersecurity incident after the WorldLeaks ransomware group claimed to have stolen 1.4TB of sensitive data.

Nike, Inc., the global athletic footwear and apparel giant headquartered in Beaverton, Oregon, is the world's largest supplier of athletic shoes and apparel, with annual revenues exceeding US$46 billion. The company operates a vast global network, including a significant retail and online presence in Australia.

The Update and Why It Matters

Update: Global athletic giant Nike is investigating a significant data breach after the WorldLeaks ransomware group claimed to have exfiltrated 1.4 terabytes of sensitive internal data. The group, a rebrand of the notorious Hunters International, listed Nike on its darknet leak site on January 22, 2026, and threatened to release the stolen files by January 24.

The massive data dump, comprising over 188,000 files, reportedly includes highly sensitive intellectual property, such as design schematics for the upcoming Jordan Brand SP27 collection, product tech packs, and bills of materials. Also exposed are supply chain details, including factory audits and manufacturing partner information, alongside internal documents from 2020 to 2026, such as strategic presentations and employee training materials.

Nike has acknowledged the incident, stating,

"We are investigating a potential cybersecurity incident and are actively assessing the situation."

The breach follows a pattern by WorldLeaks, which has shifted from traditional ransomware encryption to a pure data theft and extortion model, a tactic seen in its previous attacks on other major corporations.

Why it Matters: This breach represents a significant blow to Nike, exposing its core intellectual property and competitive strategy to rivals. The leak of future product designs, particularly for the highly anticipated Jordan Brand, could lead to counterfeit goods and erode market share.

Behind the attack is WorldLeaks, a cybercrime outfit that no longer uses ransomware. They’ve shifted entirely to extortion, stealing sensitive data and threatening to publish it unless they get paid. The group rebranded in 2025 from Hunter International, a ransomware gang active since 2023. After law enforcement started closing in, they dropped file encryption altogether and moved to this quieter but far more damaging approach. They’ve already claimed hundreds of victims.

For Australian shoppers, the big question is whether personal information was caught up in the leak. So far, it’s unclear how much customer data, if any, was compromised. But even if it wasn’t, the ripple effects are real. The theft of supply chain details could disrupt manufacturing and distribution, potentially affecting everything from sneaker launches to shelf availability in Australia.

More broadly, this incident shows how cyber threats are evolving. Instead of crashing systems, groups like WorldLeaks are weaponising trust itself, undermining confidence in brands and quietly siphoning value through stolen secrets. And that’s a much harder kind of damage to fix.

Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.