Adidas Customer Data Compromised in Third-Party Breach

Adidas has recently reported a data breach involving customer information following a cyber-attack that targeted a third-party service provider. The breach primarily involves contact details of customers who previously interacted with Adidas’s customer service. This includes names, email addresses, and phone numbers.

The company clarified that no sensitive financial information, such as passwords or credit card details, was compromised. In a statement released on May 23, Adidas acknowledged the unauthorized access to certain consumer data and mentioned that they have initiated measures to contain the situation while conducting a thorough investigation in collaboration with information security experts.

Details regarding the total number of affected individuals or specific regional impacts remain undisclosed. Adidas is in the process of notifying potentially impacted customers, as well as informing relevant data protection authorities and law enforcement agencies.

The statement emphasized the company’s commitment to consumer privacy and security, expressing regret over any inconvenience caused by the incident.

Retail Supply Chains Under Increasing Threat

This data breach at Adidas follows a series of ransomware attacks on several major UK retailers, including Marks and Spencer (M&S), The Co-op, and Harrods. Both M&S and The Co-op have confirmed that customer data was accessed by attackers linked to the Scattered Spider ransomware group.

The proximity of these incidents has prompted speculation regarding potential connections through a common supplier or software provider. Reports indicate that Tata Consultancy Services is undertaking an internal investigation to ascertain if it facilitated the cyber-attack on M&S.

Spencer Starkey, Executive VP of EMEA at SonicWall, commented on the growing threat landscape, attributing the rise in attacks to factors such as rapid digitization across industries, increased reliance on third-party systems, and the emergence of organized cybercriminal groups. He noted that in sectors like retail, the complexity of digital ecosystems, coupled with outdated infrastructure and fragmented cybersecurity defenses, creates vulnerabilities for attackers.

In the case of Adidas, while the breach did not compromise customers’ Social Security numbers, the stolen contact information may be exploited for follow-on phishing attempts. Chris Hauk, a Consumer Privacy Advocate at Pixel Privacy, suggested that affected customers should remain vigilant against potential phishing emails and avoid clicking on links or attachments from unsolicited communications. He also recommended taking advantage of any credit monitoring services offered by Adidas as an additional protective measure.