Cyber extortion group WorldLeaks claimed responsibility for stealing and publishing approximately 1.4 terabytes of Nike’s internal data in January 2026. The group posted over 188,000 files on its leak site before Nike confirmed it had launched a full investigation into the potential cybersecurity incident.
The exposed material appears to centre on design, manufacturing, and supply chain documentation rather than customer records. Filenames reviewed by security researchers pointed to product development workflows, factory details, material specifications, and operational files spanning recent years. Nike stated that it takes consumer privacy and data security very seriously and actively assesses the situation.
Attackers followed a common double-extortion pattern. They exfiltrated valuable intellectual property first, then threatened further release unless demands were met. The volume of data, equivalent to hundreds of millions of document pages suggests sustained network access rather than a fleeting intrusion.
Nike has not confirmed the exact nature or scope of the compromise. Independent analysis of leaked samples indicates the files relate to business operations, including research and development assets critical to the company’s competitive edge. The incident adds to a pattern of attacks on major brands where trade secrets become prime targets.
Organisations across industries now face attackers who prioritise data theft over encryption alone. This shift raises the stakes for protecting proprietary information that fuels innovation and market leadership.
What hidden vulnerabilities in global supply chains and design processes might this breach expose, and which other iconic brands could face similar scrutiny next?
Author:Oje. Ese