In a significant data breach recently exposed, Adidas confirmed that sensitive customer information was compromised due to an attack on a third-party customer service provider, rather than its own internal systems. The unauthorized external party accessed data directly from the provider’s systems, taking advantage of previous customer interactions recorded in Adidas’s help desk archives. This breach, classified particularly as a third-party data compromise, raised immediate concerns regarding customer privacy and data security.
The information exposed included names, birthdates, phone numbers, email addresses, and some postal addresses of affected customers. Nevertheless, it is crucial to note that sensitive financial data, such as credit card information and passwords, remained secure and were not part of the breach. Sensitive information was reported as not compromised in Adidas’s public statement. Additionally, the affected data primarily consists of consumer contact information.
Sensitive customer information such as names and email addresses was exposed, but financial data remained secure and unaffected by the breach.
Adidas became aware of the incident and quickly initiated an investigation as they notified relevant authorities. The company released a public statement on May 23, 2025, confirming their awareness of the breach and outlining their customer notification process. Experts recommend implementing two-factor authentication for enhanced account security during such breaches.
Initially, customers in South Korea and Turkey were informed about the compromise. Investigations regarding potential impacts on customers in the United States and the European Union remain ongoing, with no official confirmation yet on the total number of affected individuals on a global scale. The breach only encompassed data from customers who interacted with the customer service until 2024, highlighting the particular timeframe of exposure.
In light of this incident, Adidas advised affected customers to maintain vigilance against identity theft and phishing attempts. Experts noted that the stolen data could be employed to craft targeted phishing campaigns or scams that impersonate the Adidas support team.
Customers of Adidas’s customer service should be particularly cautious regarding suspicious communications and were encouraged to report any phishing attempts to the company directly.
As investigations continue, the exact number and demographic of affected customers remain unclear, emphasizing the need for ongoing transparency and customer protection measures.
