The German sportswear giant recently disclosed that it suffered a data breach involving an external service provider. An unauthorized third party gained access to some consumer information, though passwords and banking details were not compromised.
Amazon co-founder MacKenzie Scott has donated over $19 billion to charity in just five years
Diamond batteries powered by nuclear waste promise 28,000 years of clean energy
A Breach Through a Subcontractor
Adidas announced in a statement that the security flaw originated from a customer service provider, not from an internal service. The exposed data primarily includes contact information (name, email address, phone number) of customers who had sought assistance from the brand in the past.
Adidas has reassured its customers: no passwords or credit card information were compromised in this incident. However, even contact data can be used for targeted phishing campaigns or digital scams when exploited on a large scale.
We immediately took steps to contain the incident and launched a comprehensive investigation in collaboration with information security experts,
stated the company, without providing further details. For now, no additional information has been released about the extent of the leak or the identity of the involved service provider.
How to Know If You’re Affected
The company has begun notifying potentially affected consumers. Users found in the compromised databases will receive, or have already received, emails or notifications to be sent in the coming days.
This incident highlights once again the risks associated with outsourcing customer services, often to third-party providers who may not always adhere to the same cybersecurity standards as the primary companies. Indeed, this pattern appears to repeat in most attacks over the past six months.
Adidas now joins the lengthy list of major brands impacted by data breaches through external vendors—a trend that is becoming increasingly common, especially in the e-commerce sector. In 2024, several players in tech and fashion had already faced similar breaches involving technical or logistical partners.
In 2024, the CNIL was notified of 5,629 personal data breaches, a 20% increase from the previous year. Beyond this significant growth, the most alarming trend is the surge in very large-scale breaches.
NASA warns China could slow Earth’s rotation with one simple move
This dog endured 27 hours of labor and gave birth to a record-breaking number of puppies
Unprecedented breaches that affected third-party payment operators, France Travail, and the company Free, among others, have been noted by the CNIL, along with a doubling in the number of breaches impacting more than a million people.
• 5,629 data breaches were notified to the CNIL in 2024
• +20% compared to the previous year