SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Adidas Data Breach Linked to Third-Party Vendor

Adidas said hackers accessed a “third-party customer service provider” and stole customer information.
Adidas data breach

Sneaker and sportswear giant Adidas disclosed a data breach this week after hackers accessed a “third-party customer service provider” and stole the contact information of customers who contacted the help desk in the past.

“We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts. The affected data does not contain passwords, credit card or any other payment-related information,” the company said.

The Herzogenaurach, Germany-based company said it was in the process of notifying the potentially affected customers and the relevant authorities, but has not shared details on the number of potentially affected individuals or on how the hack occurred.

Lingerie retailer Victoria’s Secret was also impacted by a cyber incident this week that forced it to take its website down on Wednesday. The site remains offline at the time of publication.

The two incidents came to light only weeks after UK retailers Co-op, Harrods, and Marks & Spencer (M&S) were targeted by the DragonForce ransomware group. The attack on M&S resulted in data theft and could cost the retailer roughly $400 million.

“Retailers have become high-value targets for cybercriminals, and recent breaches at Dior, M&S, Harrods, and Co-Op in the last month alone make it clear that this is more than just a passing trend,” said Ryan Sherstobitoff, SVP of Threat Research & Intelligence at SecurityScorecard. “These attacks are not isolated events; they represent a growing pattern exposing a deeper, systematic vulnerability within the retail industry. In this Adidas breach, attackers accessed data through a third-party provider, highlighting the threat of interconnected supply chains, which continue to be a major entryway for threat actors.” 

“While Adidas has claimed that the stolen data from this breach excludes any payment-related information, the data still remains highly valuable for threat actors to exploit for identity theft, phishing themes, and other fraudulent activities,” Sherstobitoff added.

Related: Google Warns UK Retailer Hackers Now Targeting US

Advertisement. Scroll to continue reading.
Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Rethinking Endpoint Hardening for Today’s Attack Landscape
On Demand

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Virtual Event: Cloud & Data Security Summit
July 16, 2025

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.