Adidas reported a data breach involving a customer service provider. No passwords, credit card numbers, and payment-related details were affected during the data breach.
Cybercriminals had accessed customer data via a third-party customer service provider, while noting that the breach did not involve passwords or credit card data.
“We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts,” the company said in a statement posted to its website. “Adidas is in the process of informing potentially affected consumers.”
According to the company, the data in question primarily consisted of contact information for customers who had been in touch with Adidas’ customer service help desk.
Adidas dealt with a series of data breaches, as per CyberDaily, one in South Korea and the other in Türkiye.
The cyberattack on Adidas is happening at a time when nearly a third of data breaches involve a third party, as covered here earlier this month.
Findings from the Verizon 2025 Data Breach Investigations Report showed that 30% of breaches during the year ending Oct. 31 involved a third party, up from 15% the prior year.
The report added that third parties such as suppliers, vendors, hosting partners and outsourced IT support providers function as custodians to companies’ data and uphold crucial parts of those organizations’ operations.
Verizon said in the report, “When you are working with a third party, you have to consider their security limitations as well as your own.” It also recommended that companies ask themselves when creating planning scenarios: “What happens if this partner is attacked?”
With third-party software and hardware continuing to be a major vector for attacks, businesses are taking a more stringent approach to supply chain risk management.
Currently, Adidas is notifying consumers who may have been impacted by the breach. It is also engaging with relevant data protection and law enforcement authorities in accordance with legal requirements.
“We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident,” Adidas expressed in their statement.
This security issue at Adidas surfaces while some UK retailers are grappling with the aftermath of cyber-attacks.
