Adidas has confirmed a data breach after attackers accessed customer information held by a third-party service provider used for handling support inquiries.
The breach, disclosed on May 23, affects individuals who previously contacted the company’s customer helpdesk, though Adidas insists that no passwords, credit card numbers, or payment information were compromised.
The sportswear brand said the stolen data “mainly consists of contact information,” potentially including names, email addresses, and order numbers, details commonly submitted when reaching out for customer support. While Adidas declined to share how many customers were impacted or the specific countries involved, a spokesperson acknowledged that consumers from “different countries” had been affected.
Adidas says it moved quickly to contain the breach and has launched a full investigation in partnership with cybersecurity experts. The company is now in the process of notifying affected customers and has informed relevant data protection and law enforcement authorities, as legally required.
While Adidas hasn’t publicly speculated on follow-up risks, cybersecurity analysts warn that even limited personal data can be used to craft convincing phishing emails, especially ones that appear to reference legitimate order issues or support conversations.
This incident adds Adidas to a growing list of major retailers facing cyber threats in recent weeks. UK-based retailers Marks & Spencer and Co-op have also suffered recent breaches, prompting the National Cyber Security Centre (NCSC) to issue a general warning to the retail sector earlier this month.
Though Adidas’ breach appears less damaging than high-profile cases like Coinbase’s recent incident, which involved ID photos and banking data, it shows a growing vulnerability in outsourced customer service systems.