When Under Armour (UA 1.73%) (UAA 1.81%) spent $560 million to acquire two fitness apps in early 2015, let it suffice to say the move raised a few eyebrows on Wall Street. The purchase included $85 million for Endomondo, a Denmark-based app that had 20 million registered users, and $475 million for MyFitnessPal, a San Francisco-based app that boasted a whopping 80 million users at the time.
"[T]he market isn't quite sure what to think," I wrote the same day, noting that Under Armour's then-stellar 31% revenue growth had handily outpaced investors' expectations.
IMAGE SOURCE: GETTY IMAGES.
The upside? Combining those users with Under Armour's existing apps -- including its previous $150 million acquisition of MapMyFitness in late 2013 -- meant the company had built a connected fitness community with 120 million unique members, easily the world's largest of its kind. And it opened a wealth of possibilities for Under Armour to not only monetize those apps in the coming years, but also -- and more importantly, according to CEO Kevin Plank -- give it a massive channel through which the company could build the brand and get to know its customers even better.
Protect this (digital) house
Fast-forward to today, however, and Under Armour is facing a much different reality -- one punctuated by the stalled growth of its core North American business over the past year, driven by a difficult retail environment and multiple sporting goods chain bankruptcies.
But just as declining sales in North America began to stabilize, Under Armour's expensive connected fitness apps may have turned into an equally massive headache for the company.
Late Thursday, Under Armour announced that data from roughly 150 million MyFitnessPal accounts was compromised by an "unauthorized party" in February 2018. Under Armour says it first learned of the breach last week.
Shares plunged as much as 5% on Monday in response.
Perspective is in order
Still, we can be thankful that the breach didn't include government-issued identifiers (think Social Security numbers or driver's license numbers) or payment information. That data is stored in separate systems so was unaffected. But the unauthorized party did gain access to MapMyFitness usernames, email addresses, and hashed passwords -- much less valuable to hackers, but information that still could be put to malicious use.
So Under Armour promptly began notifying the MyFitnessPal community of the breach via email and in-app messages, and is requiring users to change their passwords. It's also working with leading data security firms and law enforcement to help investigate the issue.
To be fair, Under Armour is hardly the only big-name business to be targeted by hackers of late.
The news came only a day after Boeing announced that a small number of its machines had been infected with the notorious WannaCry computer virus. Boeing quickly deployed software patches to fix the issue, but not before spurring concerns that crucial aircraft production equipment might have been taken down.
Late last year, Equifax suffered a much more massive breach affecting nearly 148 million consumers, though the scope of that breach was much more severe as its stolen data included names, social security numbers, birth dates, home addresses, and driver's license numbers.
The bottom line
Under Armour's breach isn't doing it any favors as it works to return to sustained, profitable growth in North America -- something that competitor Nike only recently predicted will happen later this year. But it seems most likely that the fallout on Under Armour's core business will be minimal as its apps still don't generate meaningful revenue as a percentage of Under Armour's whole.
That's not to say Under Armour is completely out of the woods. This effectively illustrates the incremental challenges for a company that relies on physical products in maintaining a digital community of this magnitude. Under Armour is still investigating the issue as well, and will almost certainly have its work cut out for it to rebuild rapport with its app user base.
But in the end, I simply can't see the breach having a significant negative impact on Under Armour's long-term growth story. And I think investors would do well to take advantage of the brief pullback to open or add to their positions.
