When Under Armour announced the MyFitnessPal data breach, it quickly became one of the largest consumer data incidents in history. With over 150 million users affected, the breach ranked among the top 10 biggest globally. But beyond its massive scale, one key detail stood out: Under Armour waited four days after discovering the breach before notifying the public. Under today’s GDPR 72-hour notification rule, such a delay would be considered a major compliance failure, potenti