Adidas Responds to Alleged Data Breach Involving External Service Provider

Sportswear manufacturer Adidas has addressed recent claims regarding a potential data breach involving an independent service provider. The incident came to light following assertions made on an underground forum by a cybercriminal group, which claimed to have accessed and copied a significant dataset related to Adidas from the extranet of an external partner.

The group, which has previously operated under various aliases and is associated with broader cybercriminal networks, stated that the compromised data set contains approximately 815,000 rows. The information allegedly includes first and last names, email addresses, passwords, dates of birth, and various technical details. The group also hinted that further data disclosures could occur in the future, though no specific evidence has been provided to support these assertions at this time.

In response to inquiries, Adidas confirmed that it has been made aware of a possible data security incident affecting an independent licensee and distributor specializing in martial arts products. The company clarified that the affected entity operates autonomously, maintaining its own IT infrastructure separate from Adidas's core systems. According to Adidas, there is no indication that its internal IT network, e-commerce platforms, or customer databases have been compromised as a result of this incident.

Adidas did not disclose the name of the external distributor involved or clarify the exact nature and scope of the potentially impacted data. The company noted that the licensee had access to certain information but refrained from commenting on the specifics until further investigations are completed.

The emergence of such claims has raised concerns about potential risks to individuals whose data may be involved. Should the data include names and email addresses in connection with Adidas, there is an increased risk of targeted phishing campaigns. Security experts advise recipients of any correspondence purporting to be from Adidas to exercise heightened caution and verify the authenticity of such messages before responding or providing personal information.

This is not the first time security incidents have been associated with the Adidas brand. In a prior case reported last year, unauthorized parties gained access to contact information of customers who had previously interacted with the company's customer service. That incident was also traced back to a third-party service provider, with Adidas confirming at the time that only contact details were involved, and the extent of the breach remained unclear.

The latest reports underscore the ongoing challenges that large organizations face in securing data managed by external partners. As companies increasingly rely on third-party vendors for specialized services, ensuring robust data protection and clear lines of responsibility is becoming ever more critical. Adidas has stated that it continues to monitor the situation and will provide updates as further information becomes available.

Customers and users are encouraged to remain vigilant, employ strong, unique passwords, and stay informed about best practices in online security to minimize the risk of unauthorized access to their personal information.