Adidas Probes Data Breach Impacting 815,000 Customers

Adidas is currently investigating a potential data security incident linked to a third-party customer service provider. The company has clarified that its own IT systems, e-commerce platforms, and consumer data appear unaffected. This situation highlights the persistent cybersecurity challenges major corporations face, particularly concerning vulnerabilities within their extended network of partners and service providers.

An individual purporting to represent the Lapsus$ Group posted on a hacking forum, claiming responsibility for breaching the sportswear company’s extranet. The alleged stolen dataset reportedly contains 815,000 rows of customer information, including sensitive details such as names, email addresses, passwords, birthdays, and company names. The post also mentioned the theft of technical data. Lapsus$ is associated with the broader hacker collective known as Scattered Lapsus$ Hunters, a group recognized for employing sophisticated social engineering tactics to gain unauthorized access. If these claims are verified, Adidas would become the latest in a series of prominent organizations targeted by this collective in recent years.

This incident marks another cybersecurity event for the global brand. In a separate occurrence in May 2025, Adidas had to notify customers that their personal information was compromised. That breach also stemmed from an unauthorized individual accessing a system managed by an external third party, underscoring a recurring theme of risks introduced through the supply chain. The repeated nature of such incidents emphasizes the critical need for robust security protocols not only within a company’s direct operations but across its entire ecosystem of vendors and partners. Businesses are increasingly urged to conduct rigorous security assessments of all external entities that handle sensitive customer data to prevent similar exposures.

(Source: HelpNet Security)