Adidas Confirms Data Breach Through Third-Party Vendor

Adidas has confirmed a data breach through a third-party vendor affecting customers who contacted its help desk. It seems every week brings news of a new cyberattack or data breach. This time, global sportswear giant Adidas has confirmed a breach at a third-party customer service provider, leaving “certain consumer data” exposed.

"Adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," Adidas says. "We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts."

What Data Was Exposed?

Adidas has stressed that the breach did not include passwords, credit cards, or any other payment-related information. Instead, the compromised data mainly consists of contact information of customers who had previously reached out to the Adidas customer service help desk. This may include:

• Full names

• Email addresses

• Phone numbers

• Physical addresses (if shared during support interactions)

• Gender and/or birth date in some cases

A spokesperson clarified, "We can confirm that it affects certain consumers who had contacted our customer help desk in different countries," but did not specify which regions or how many individuals were affected.

How Did Adidas Respond?

Adidas moved quickly to contain the incident and launched a comprehensive investigation with leading cybersecurity experts. The company is now notifying affected customers and has reported the issue to data protection and law enforcement authorities, as required by law.

"Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law," it said.

The company also expressed regret:

"We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident."

The Risks: Phishing and Social Engineering

While no financial data was leaked, exposed contact information is still valuable to cybercriminals. After breaches like this, attackers often use stolen data for phishing scams and social engineering attacks:

• Be wary of unexpected phone calls, emails, or social media messages, as these could be phishing attempts from cybercriminals who have your information.

• Don’t click on suspicious links or provide personal information in response to unsolicited messages.

• Monitor your bank accounts and credit reports for any unusual activity.

As SAP Security Analyst Jonathan Stross warns:

"Affected customers should watch out for unsolicited messages, spam, and in general, unusual traffic. Attackers may use this to launch phishing attempts. Even though financial data wasn’t leaked, contact information can still be used for identity fraud."

A Pattern of Breaches

This is not the first time Adidas has dealt with data security issues:

• Earlier this month, Adidas disclosed similar breaches in Turkey and South Korea, impacting customers who contacted the help desk in 2024 or earlier. Stolen information included names, email addresses, phone numbers, birthdates, and addresses.

• In 2018, hackers accessed the US website, exposing contact information, usernames, and encrypted passwords of "a few million consumers."

What Should Customers Do?

If you’ve received communication regarding the breach or have contacted Adidas customer service in recent years:

• Stay alert for suspicious emails, texts, or calls.

• Don’t share sensitive information with anyone claiming to be from Adidas unless you verify their identity.

• Review your online account security: don’t reuse passwords across services, and consider using a password manager.

• Consider identity theft protection software or freezing your credit if you’re especially concerned.

Adidas reminds customers:

"As a reminder, Adidas will never directly contact you to ask that you provide us with financial information, such as your credit card details, bank account information or passwords."

The Bigger Picture: Third-Party Risks

This incident highlights the growing vulnerabilities of relying on external service providers. As cybersecurity experts note, a chain is only as strong as its weakest link, and even global brands like Adidas are at risk when their partners are compromised.

Javvad Malik, lead security awareness advocate at KnowBe4, summarized:

"Adidas's swift response and transparency are commendable... [but] the breach emphasises the need for rigorous oversight of third-party security."

Looking Forward

While Adidas acted quickly and no financial data was exposed, customers whose contact information was leaked should remain vigilant for phishing scams and identity fraud attempts. This breach is a reminder to always be cautious with your personal information and to keep your guard up, even when dealing with trusted brands.