Sportswear giant Adidas has announced it was the target of a cyberattack that resulted in the theft of customer personal information.
The company stated that “certain consumer data,” primarily consisting of contact information for individuals who had interacted with its help desk, was compromised.
Adidas assured customers that passwords, credit card details, and other payment data were not affected.
In a statement on its website, Adidas expressed regret for any inconvenience or concern caused, reiterating its commitment to consumer privacy and security.
Lisa Barber from the consumer group Which? said it is important that Adidas provides “clear and timely updates to affected shoppers and supports them in taking steps to protect themselves.”
She advised potentially affected individuals to closely monitor bank accounts and credit reports for suspicious activity and to be wary of unsolicited phone calls, emails, or social media messages claiming to be related to the hack, as these could be scam attempts.
The breach occurred through a third-party customer service provider.
Adidas stated it “immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts.”
The company is in the process of informing potentially affected consumers and relevant data protection and law enforcement authorities.
This incident follows a series of cyberattacks targeting other retailers, including Marks & Spencer, Co-op and Harrods.
The UK police are reportedly investigating the notorious English-speaking hacking group, Scattered Spider, as potentially being behind the M&S cyberattack.
This group is also believed to be responsible for breaches at Co-op and Harrods.
However, there is no suggestion that Scattered Spider is involved in the Adidas data breach.
Adidas had previously disclosed data breaches in other parts of its global operations, including its Turkish and South Korean arms.
Earlier this month, Adidas Turkey informed customers that an unauthorized individual gained access to personal data. The breach, which Adidas Turkey communicated via email, affected customers who have previously interacted with their customer service.
The compromised data reportedly includes full names, phone numbers, dates of birth, gender details, and email addresses. Importantly, Adidas Turkey stated that no financial information, such as credit card details, was accessed during the incident.
The revelation follows a similar message from Adidas Korea on May 16, where comparable personal data was accessed from customers who had contacted their customer service, also without any financial data being compromised.
Neither Adidas Turkey nor Adidas Korea has disclosed the nature of the cyberattack or the total number of individuals affected.
In light of the breaches, both Adidas Turkey and Adidas Korea advised customers to exercise caution and remain vigilant against potential phishing attempts, scams, or other cyberattacks. As of now, there have been no reported cases of the exfiltrated data being misused.
Earlier this month, French fashion house Dior disclosed that customer data was compromised in a cyber attack. The LVMH subsidiary said that unauthorized parties accessed its customer database, though it assured clients that no financial information was exposed.
