U.S. sports apparel maker Under Armour said the personal data of about 150 million users of its food and nutrition app and website MyFitnessPal was accessed by an “unauthorized” party in late February.
The company said it began been notifying users of the breach four days after it first became aware of the incident on Sunday.
The Baltimore-based retailer said it was working with authorities and data security firms to assist in the ongoing investigation.
“The investigation indicates that the affected information included usernames, email addresses, and hashed passwords,” the company said in a statement on Thursday.
“The affected data did not include government-issued identifiers (such as social security numbers and driver’s license numbers), which the company does not collect from users.”
It also said that customer’s payment data was not affected, because it collected and processed that information separately.
The company urged users of the program to change their passwords immediately and recommended other security steps that users could take to protect their information.
Shares of Under Armour fell three per cent in extended trading on the New York Stock Exchange.