Adidas has confirmed that an unauthorised external party accessed specific consumer data via a customer service provider operating on its behalf.
The sporting goods brand said that no passwords or payment data were affected and that the compromised data primarily consist of contact information from consumers who previously reached out to their customer service help desk.
The company said it promptly took action to stop the issue and initiated a thorough investigation with the help of top information security experts. Adidas added that it is notifying potentially affected consumers and relevant data protection and law enforcement authorities.
“We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident,” Adidas said.
This incident occurs amid a series of cyber attacks targeting other major retailers such as Marks & Spencer and Co-op. The attacks caused major operational disruptions, yet there is no evidence that Adidas has experienced a similar level of impact.
Multiple cyber incidents have been reported since April 2025, and certain experts noted that they may be connected. A hacking group called Scattered Spider, mostly made up of English-speaking teens and young adults, is suspected in the M&S cyber attack.
The group is believed to have been responsible for the Co-op and Harrods breaches, though M&S faced the most severe consequences. Currently, no indication has been found that Scattered Spider is linked to the Adidas data breach.
However, the company recently disclosed that data breaches also occurred within its operations in Turkey and South Korea.