Adidas disclosed a cyber-attack in which hackers compromised the personal data of customers who had previously contacted the company’s customer service helpdesk. While the breach did not expose passwords, credit card details, or other payment information, it involved unauthorized access to personal data, raising concerns over potential misuse for identity fraud or targeted phishing. The company notified affected individuals via email, advising them on precautionary measures such as password changes and monitoring for suspicious activity. The incident highlights the risks of data exposure even when financial details remain secure, as stolen personal information can still be leveraged for secondary attacks like credential stuffing or social engineering scams. Adidas emphasized that only a subset of customers—those with prior helpdesk interactions—were impacted, but the breach underscores the broader vulnerability of customer support systems as entry points for cybercriminals.
TPRM report: https://www.rankiteo.com/company/adidas
"id": "adi852090225",
"linkid": "adidas",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Customers who contacted the '
'Adidas customer service '
'helpdesk (subset of total '
'customer base)',
'industry': 'Footwear and Sports Apparel',
'location': 'Global (specific regions not detailed)',
'name': 'Adidas',
'type': 'Corporation'}],
'customer_advisories': 'Affected customers were emailed with details about '
'the breach, FAQs, and optional free cybersecurity '
'support services.',
'data_breach': {'data_exfiltration': 'Yes (personal data stolen)',
'personally_identifiable_information': 'Yes (limited to '
'non-financial PII)',
'sensitivity_of_data': 'Moderate (no financial or payment '
'data exposed)',
'type_of_data_compromised': ['Personal information (e.g., '
'names, contact details)']},
'description': 'Adidas revealed that some of its customers’ personal '
'information had been stolen. The breach appears to affect '
'customers who had previously contacted the Adidas customer '
'service helpdesk. Passwords, credit card, and other payment '
'data were reportedly not compromised. Affected customers were '
'notified via email with guidance on next steps, including '
'potential access to free cybersecurity support services.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'loss of customer trust',
'data_compromised': ['Personal information (e.g., names, contact '
'details)'],
'identity_theft_risk': 'Moderate (personal data exposed, but no '
'financial or payment data)',
'payment_information_risk': 'None (payment data not compromised)'},
'recommendations': ['Change passwords for affected accounts immediately, '
'using strong, unique passwords (12+ characters with '
'mixed case, numbers, and symbols).',
'Enable two-step authentication for all critical '
'accounts.',
'Beware of phishing emails referencing the breach; verify '
'sender authenticity before clicking links or sharing '
'information.',
'Monitor credit records for signs of identity theft or '
'fraudulent activity.',
'Opt out of storing payment details with retailers to '
'minimize exposure in future breaches.'],
'references': [{'source': 'The Guardian',
'url': 'https://www.theguardian.com/money/2023/xx/xx/adidas-cyber-attack-customer-data-stolen'}],
'response': {'communication_strategy': 'Email notifications to affected '
'customers with FAQs and support '
'options',
'incident_response_plan_activated': 'Yes (customers notified via '
'email)',
'third_party_assistance': 'Potential free cybersecurity support '
'services offered to affected '
'customers'},
'title': 'Adidas Customer Data Breach',
'type': 'Data Breach'}