2026 breaches

HomeBlog2026 breaches

Tag: 2026 breaches

security professional reviewing network access logs on multiple monitors in a standard office environment
CategoriesBusiness,  Data Breaches,  Enterprise Security,  IT CyberSecurity,  Security

Nike Data Breach Exposes 1.4TB of Internal Data

Another Major Brand Falls to Sustained Network Intrusion

Nike has confirmed it’s investigating unauthorized access that resulted in approximately 1.4 terabytes of internal data being extracted from its systems. The scale of the extraction—1.4TB is roughly equivalent to 280 million pages of documents—signals this wasn’t a quick smash-and-grab. Someone had sustained access to Nike’s internal network long enough to locate, collect, and transfer a massive volume of files.

Take the 2-Minute Cybersecurity Assessment

centrexIT has helped businesses detect unauthorized access and protect internal systems since 2002. If you’re not sure who has access to your network right now, let’s find out together.

What 1.4TB of Data Actually Means

To put that volume in perspective: the average business email is about 75 kilobytes. At that size, 1.4TB represents roughly 18 million emails worth of data. Even if Nike’s stolen files were larger documents, spreadsheets, and databases, we’re still talking about millions of files.

That doesn’t happen in an afternoon. Extracting that volume of data requires time—time to identify valuable systems, time to navigate internal networks, time to compress and transfer files without triggering alerts. This pattern matches what security researchers call “sustained access,” where attackers establish persistent presence within a network before making their move.

The Uncomfortable Reality of Dwell Time

According to IBM’s 2025 Cost of a Data Breach Report, the average time to identify and contain a breach is 241 days—the lowest in nine years, but still more than six months of unauthorized access before anyone notices something is wrong.

Nike hasn’t disclosed when the unauthorized access began or how long attackers maintained presence. But the volume of data involved suggests this wasn’t a recent intrusion discovered quickly. More likely, someone was inside Nike’s network for weeks or months, quietly mapping systems and collecting files.

This is the pattern we see repeatedly: attackers gain initial access through compromised credentials, a vulnerable application, or a third-party vendor. Then they wait. They observe. They learn how the network operates, where valuable data lives, and how to move laterally without detection.

Third-Party Access: The Blind Spot

While Nike hasn’t confirmed the attack vector, security analysts note that many recent breaches share a common entry point: third-party access. Vendors, contractors, and partners often have legitimate credentials to access portions of an organization’s network. When those credentials are compromised—or when those third parties have weak security themselves—attackers get a free pass through the front door.

A January 2026 analysis from Strobes Security found that even when core platforms remain secure, connected systems like customer support tools, vendor portals, and legacy integrations often become the weakest entry points. Security programs focused only on primary applications miss the exposure created by everyone else who can log in.

What This Means for Your Business

Nike has resources most businesses can only imagine. Dedicated security teams. Enterprise detection tools. Compliance frameworks. And still, someone extracted 1.4TB of internal data.

The lesson isn’t that security is hopeless. The lesson is that traditional perimeter-focused security isn’t enough. You need visibility into who is accessing your systems right now. You need to know what “normal” looks like so you can spot “abnormal.” And you need to assume that someone, somewhere, is already testing your defenses.

Questions every business leader should be asking right now:

Who has access to your internal systems? Not just employees—vendors, contractors, former partners. Can you account for every credential that can log into your network?

How would you know if someone was inside your network today? Do you have monitoring that would detect unusual data movement? Would you notice someone downloading files at 2 AM?

When was your last access audit? Credentials accumulate over time. That contractor from three years ago might still have valid login information.

Take Our 2-Minute Security Assessment

centrexIT has helped businesses protect their networks and detect unauthorized access since 2002. If you’re not sure whether your current security would catch a sustained intrusion, let’s find out together.

Take the 2-Minute Cybersecurity Assessment

Sources