Adidas Data Breach Linked to Third-Party Vendor

Sneaker and sportswear giant Adidas disclosed a data breach this week after hackers accessed a “third-party customer service provider” and stole the contact information of customers who contacted the help desk in the past.

“We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts. The affected data does not contain passwords, credit card or any other payment-related information,” the company said.

The Herzogenaurach, Germany-based company said it was in the process of notifying the potentially affected customers and the relevant authorities, but has not shared details on the number of potentially affected individuals or on how the hack occurred.

Lingerie retailer Victoria’s Secret was also impacted by a cyber incident this week that forced it to take its website down on Wednesday. The site remains offline at the time of publication.

The two incidents came to light only weeks after UK retailers Co-op, Harrods, and Marks & Spencer (M&S) were targeted by the DragonForce ransomware group. The attack on M&S resulted in data theft and could cost the retailer roughly $400 million.

“Retailers have become high-value targets for cybercriminals, and recent breaches at Dior, M&S, Harrods, and Co-Op in the last month alone make it clear that this is more than just a passing trend,” said Ryan Sherstobitoff, SVP of Threat Research & Intelligence at SecurityScorecard. “These attacks are not isolated events; they represent a growing pattern exposing a deeper, systematic vulnerability within the retail industry. In this Adidas breach, attackers accessed data through a third-party provider, highlighting the threat of interconnected supply chains, which continue to be a major entryway for threat actors.” 

“While Adidas has claimed that the stolen data from this breach excludes any payment-related information, the data still remains highly valuable for threat actors to exploit for identity theft, phishing themes, and other fraudulent activities,” Sherstobitoff added.

Related: Google Warns UK Retailer Hackers Now Targeting US