Global sportswear giant Adidas has confirmed a data breach stemming from a cyber attack on one of its third-party customer service providers. The breach has exposed the personal information of customers who had previously contacted the brand's customer service help desk, raising concerns about potential phishing attacks and other social engineering exploits.

Adidas officially acknowledged the incident in a statement released on May 23, 2025, stating that an "unauthorized external party" had gained access to "certain consumer data." The company clarified that the affected data primarily consists of contact information, including names, email addresses, phone numbers, dates of birth, and postal addresses, belonging to customers who had contacted their customer service in the past. Sensitive information such as passwords, credit card details, and other payment-related data were reportedly not compromised in the breach.

The company has initiated a comprehensive investigation into the incident, collaborating with leading information security experts to contain the damage and determine the full extent of the breach. Adidas has also stated that it is in the process of notifying potentially affected customers, as well as relevant data protection and law enforcement authorities, in accordance with applicable laws.

While the exact number of affected customers remains undisclosed, the breach has triggered widespread concern among consumers and cybersecurity experts. Javvad Malik, lead security awareness advocate at KnowBe4, warned that the theft of personal contact details poses risks for potential phishing or other social engineering attacks. He advised affected customers to be vigilant for any communications which appear to originate from Adidas, urging them to scrutinize emails and messages for suspicious links or requests for personal information.

This is not the first time Adidas has been targeted by cybercriminals. Earlier in May 2025, the company disclosed a similar incident affecting customers in Turkey and South Korea, where contact information was stolen from individuals who had contacted its customer service center. These recurring incidents highlight the growing cybersecurity threats facing global brands and the importance of robust data protection measures.

The Adidas data breach is the latest in a string of cyber attacks targeting major retailers in recent weeks. Marks & Spencer (M&S) and Co-op have also recently experienced significant breaches, with M&S estimating a loss of approximately £300 million due to a ransomware attack. These incidents have prompted the National Cyber Security Centre (NCSC) to issue an alert, warning other retailers to be vigilant and strengthen their cybersecurity defenses.

In light of the Adidas data breach, consumers are advised to take the following precautions:

• Be wary of phishing emails: Be cautious of any unsolicited emails or messages that appear to be from Adidas, especially those asking for personal information or directing you to click on links.
• Monitor your accounts: Keep a close eye on your bank accounts and credit reports for any suspicious activity.
• Change your passwords: If you use the same password for multiple accounts, consider changing them, especially for sensitive accounts like banking and email.
• Enable two-factor authentication: Add an extra layer of security to your online accounts by enabling two-factor authentication where available.
• Stay informed: Keep up-to-date with the latest cybersecurity threats and scams by following reputable security news sources.

Adidas has assured its customers that it remains fully committed to protecting their privacy and security and sincerely regrets any inconvenience or concern caused by this incident. However, the breach serves as a stark reminder of the ever-present threat of cyber attacks and the importance of taking proactive steps to safeguard personal information online.