Cyber Incident Victim: Adidas

Adidas announced on May 23 2025 that an unauthorized external party had accessed certain consumer data through a third‑party customer service provider. The breach was discovered after the external party obtained the data, and Adidas confirmed that the compromised information did not include passwords or credit‑card details. According to the company’s statement, the breached data primarily consisted of contact information belonging to consumers who had previously contacted its customer‑service help desk. Adidas emphasized that it immediately took steps to contain the incident and launched a comprehensive investigation. The investigation was carried out in collaboration with leading information‑security experts to determine the scope and origin of the unauthorized access.

As part of its response, Adidas began the process of informing potentially affected consumers about the breach. The company stated that the notification effort was underway to ensure transparency with those whose contact information may have been exposed. While the exact number of impacted individuals was not disclosed, Adidas indicated that the scope was limited to the contact data obtained via the third‑party provider. The containment measures implemented by Adidas aimed to prevent further unauthorized access and to secure the affected systems. No additional details regarding attacker methods, specific timelines of detection, or long‑term consequences were provided in the source material.