adidas confirms cyberattack and data breach

adidas confirms cyberattack: Customer data compromised

The global sportswear brand adidas has confirmed that it was recently affected by a cyberattack that led to the exposure of customer data. The breach has raised new concerns about data security and the potential risks involved when companies rely on external service providers.

What happened?

adidas revealed that the breach occurred through a cyberattack on a third-party vendor that manages customer inquiries. The company became aware of the incident in early May and has since taken steps to investigate and notify the individuals affected.

According to adidas, the attackers gained access to personal data including names, email addresses, phone numbers, and physical mailing addresses. There is no indication that payment information or account passwords were accessed. However, the exposed contact information could still be used in phishing attempts or other types of social engineering attacks.

The risk of third-party providers

This incident highlights the increasing risk associated with outsourcing critical business functions to external partners. While Adidas’ own infrastructure was not compromised, the attack on a connected provider still gave cybercriminals a way to obtain sensitive data.

It is a reminder that the security of a company’s data is only as strong as the weakest link in its supply chain. Cybersecurity strategies must therefore include strict vendor assessments, access controls, and continuous monitoring of third-party services. You can learn more about how to prevent these types of incidents in our article on third-party data breaches.

Unfortunately, this is not the first time a major company has been affected through a third-party vendor. Similar breaches, such as the WK Kellogg data breach, show just how widespread and damaging these types of supply chain attacks can be.

adidas' response

adidas has acted swiftly to contain the breach and has launched a thorough investigation in collaboration with cybersecurity experts and relevant authorities. The company is working to strengthen security protocols and improve oversight of its partners.

Customers whose data was affected have been notified, and adidas is advising them to stay alert for suspicious emails or phone calls that may attempt to collect further personal information.

Part of a broader pattern

This type of breach reflects a growing pattern in which attackers target third-party service providers to bypass otherwise well-defended systems. As more organisations rely on external platforms for customer support, payment processing, and logistics, these services have become attractive entry points for cybercriminals.

The adidas incident follows a series of similar supply chain attacks seen across industries, underscoring the need for businesses to expand their security focus beyond their internal systems. To better understand how these attacks work and how to defend against them, read our guide on supply chain attacks.

The importance of awareness

For companies, this is a reminder to regularly audit vendor relationships and ensure that all external partners meet strict security standards. Transparency and quick response remain crucial for maintaining customer trust in the aftermath of an attack.

For consumers, it is important to stay cautious. Avoid clicking on unexpected links in emails and always verify the source of any communication that asks for personal information. While adidas has stated that payment data was not exposed, attackers could still use the leaked information to craft convincing phishing messages.