Adidas has confirmed a cyberattack that compromised customer information via a third-party service provider, making it the latest global retailer targeted in a growing wave of digital security breaches. While the incident did not expose passwords, credit card numbers, or payment data, it did involve customer contact information — particularly of those who had reached out to the company’s help desk.
The sportswear company said it is currently notifying affected individuals and working with data protection authorities and law enforcement in accordance with legal requirements. “We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident,” Adidas said in a statement.
The breach adds to a troubling pattern in 2025, where retailers appear increasingly vulnerable to cyberattacks exploiting third-party vendors. Earlier this year, several major UK companies, including Marks & Spencer, Harrods, and Co-op, experienced significant security incidents, many of which required taking systems offline. Fashion house Dior was also impacted, with leaked customer data fueling concerns about identity theft.
Though Adidas did not disclose the scale of the breach or the number of customers affected, security experts warn that even contact data can serve as an entry point for phishing scams, identity fraud, and other malicious activity. Customers are being urged to monitor their accounts closely and remain vigilant against suspicious emails or messages.
Cybersecurity analysts point to a broader industry trend fueling these incidents. Spencer Starkey, EVP at security firm SonicWall, says the convergence of rapid digital expansion, overreliance on third-party platforms, and sophisticated cybercriminal networks is creating a perfect storm for attacks. “Retailers often operate across fragmented systems and legacy infrastructure, making them prime targets. Threat actors are also increasingly exploiting social engineering and identity vulnerabilities,” Starkey noted.
While there is no evidence yet linking the Adidas breach to other recent incidents, the frequency of attacks suggests deeper systemic challenges. As brands continue to digitize customer engagement and rely on external service providers, the importance of robust, end-to-end cybersecurity measures — including vetting and monitoring third-party vendors — becomes increasingly clear.
The incident at Adidas underscores the evolving nature of retail risk in the digital age, where customer trust and data security are as critical as inventory or brand equity. For now, users who recently interacted with the company’s support channels may want to be especially cautious and consider taking proactive measures like updating passwords, enabling multifactor authentication, and watching for unusual account activity.
