Adidas discloses breach of third-party provider, customer data exfiltrated

What first appeared to be a data breach affecting two regional adidas locations has turned into a third-party incident affecting customers around the world.

German sportswear giant adidas has disclosed a cyber attack on one of its third-parties, leading to data being exfiltrated.

Following reports of two regional adidas data incidents, adidas Türkiye (Turkey) and adidas Korea, adidas has confirmed that a threat actor breached the systems of one of its third-party providers and exfiltrated Adidas data.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

“adidas recently became aware that an unauthorised external party obtained certain consumer data through a third-party customer service provider,” it said in a statement.

“We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts.

“The affected data does not contain passwords, credit card or any other payment-related information. It mainly consists of contact information relating to consumers who had contacted our customer service help desk in the past.”

The previous regional data breach disclosures also stated that the exfiltrated data was that of customers who had contacted its customer service help desk. According to an email sent to customers by adidas Turkey, data included full names, phone numbers, dates of birth, gender details and email addresses.

VIEW ALL

However, adidas Turkey also said that no passwords or financial information was accessed.

Adidas has a massive international customer base. With operations across 50 countries, the adidas’ adiClub membership program has 303 million members. Additionally, 41 per cent of sneaker owners in the US own adidas. If the incident affects customers who have reached out to the help desk globally, the data of potentially millions could have been exposed.

In its latest statement, the company says it has begun notifying customers of the incident.

“Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law.

“We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident.”

Cyber Daily has not yet observed any threat actors taking responsibility for the incident.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Adidas discloses breach of third-party provider, customer data exfiltrated

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED