Adidas reported that the breach occurred through a third-party customer service provider, allowing unauthorized access to certain consumer data. Adidas has confirmed that the compromised information primarily comprises contact details—such as names, email addresses, and phone numbers—of customers who had interacted with its support team, while sensitive data like passwords and payment information remain secure.
Despite requests, a list of the exact data points involved and the number of accounts/people affected have not been provided. Adidas has also not publicly disclosed the specific name of this third-party provider.
"Adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider. We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts.
The affected data does not contain passwords, credit card or any other payment-related information. It mainly consists of contact information relating to consumers who had contacted our customer service help desk in the past.
Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law.
We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident."
From a technical perspective, the incident underscores a significant vulnerability in the supply chain security of large organizations. Third-party vendors, which may not have the same level of cybersecurity controls as their client organization, can present an attack vector for cybercriminals. In this case, the breach highlights how an external party can exploit such vulnerabilities to gain access to data that might not be available through direct attack.
Adidas reported that they responded swiftly upon discovering the breach by isolating the affected systems and launching a comprehensive forensic investigation in collaboration with leading information security experts. The company has also initiated processes to notify potentially affected consumers and has reported the incident to the relevant data protection and law enforcement authorities.
Ultimately, the Adidas data breach serves as a reminder that vulnerabilities in ancillary systems can expose consumer data even if strong internal defenses exist in the parent company. Organizations should extend their cybersecurity measures to cover all external partnerships, maintain continuous vigilance, conduct regular security audits, and require appropriate system hardening. As cyber threats become increasingly inventive, adopting proactive and holistic security strategies is essential for an effective security posture.