Adidas has disclosed a data breach that exposed personal details of customers after a cyberattack targeted one of its external service providers. The incident, which occurred in May 2025, affected individuals who had previously contacted the company’s customer support.
What Information Was Leaked?
The breach involved unauthorized access to non-sensitive personal information. According to Adidas, the exposed data includes full names, email addresses and phone numbers.
The company emphasized that no account credentials, credit card numbers, or other sensitive financial details were compromised.
How Did It Happen?
An external threat actor exploited vulnerabilities in a third-party vendor’s systems. This vendor handles some of Adidas’ customer service operations, making it a potential backdoor for attackers to access user data.
Once the breach was identified, Adidas immediately took action to contain the threat. The company launched an internal investigation, brought in cybersecurity experts, and began notifying individuals who may have been affected. It also reported the incident to the relevant authorities.
What Can Consumers Do Now?
Although the breach didn’t involve financial data, the leak of contact details can still open the door to scams like phishing or social engineering. If you’ve reached out to Adidas customer support in recent months, it’s wise to:
- Be cautious with unexpected emails, especially those asking for personal information.
- Watch for suspicious activity in your online accounts.
- Avoid clicking on unfamiliar links in messages claiming to be from Adidas.
A Broader Cybersecurity Trend
This Adidas data breach is, unfortunately, not an isolated case. Adidas joins a growing list of major retailers hit by cyberattacks in recent years. Companies like Marks & Spencer and Co-op have faced similar challenges, underscoring how cybercriminals are increasingly targeting not just companies directly, but their third-party partners as well.
As the risks grow, cybersecurity experts stress the importance of stronger vetting processes for external vendors and continuous monitoring of digital ecosystems.
