Adidas discloses third-party data security breach
A global athletic footwear and apparel giant suffered a cyberattack which exploited a weakness in one of its service providers’ networks.
Germany-based Adidas has announced that it recently became aware an “unauthorized external party” obtained customer data through a third-party customer service provider.
According to Adidas, the affected data does not contain passwords, credit card or any other payment-related information. The brand said the data exposed in the breach mainly consists of contact information relating to consumers who had contacted its customer service help desk in the past
"We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts," Adidas said in a statement. "Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law."
Bleeping Computer reports that Adidas has not disclosed other facts relating to the breach, such as the name of the service provider, when it first discovered the incident, how many customers had data exposed, and whether the Adidas corporate network was compromised.
Adidas also reported a data breach earlier in May that exposed names, email addresses, phone numbers, birthdates, and addresses of consumers in Turkey and South Korea who contacted its customer service center prior to 2025, according to Bleeping Computer.
In June 2018, data from an estimated “few million” customers including contact information, usernames and encrypted passwords was stolen in a hack on the Adidas website. No credit card or fitness information was compromised.
[READ MORE: Adidas targeted by hackers]
"We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident," Adidas said in its public statement.
In an email to Chain Store Age, Sian John, CTO of cybersecurity consulting firm NCC Group, said the origination of this cyberattack through a third-party provider demonstrates the importance of retailers having oversight of their partners’ security activities.
"Global brands will be at the center of a vast network of third parties and they are only as strong as their weakest link, so they must collaborate with partners and suppliers to build a robust ecosystem around them," John said in the email. "Recent large-scale cyberattacks should encourage organizations to reassess their cybe security measures, both in-house and throughout their supply chains."
Even if retailers believe they are secure, John advises organizations to remain agile and review their measures on a regular basis to adapt to ongoing threats.
"When it comes to supply chain security specifically, there should be a thorough vetting process at the outset, with regular reviews throughout the relationship to ensure businesses don’t unknowingly leave themselves open to attack," John concluded.
