Adidas Admits Data Breach Following Third-Party Attack

Adidas is once again in the cybersecurity spotlight. This time the breach came through a side door. Attackers infiltrated a third-party customer service provider and accessed the contact information of Adidas customers, as reported by Bleeping Computer. This incident highlights a growing trend: hackers are increasingly targeting vendors to bypass the more robust defenses of global brands.

Adidas confirmed that names, email addresses and phone numbers of customers who contacted support were exposed. No payment or password data was compromised, but the information is a potential goldmine for phishing and social engineering attempts. The company has begun notifying affected users and has reported the breach to data protection regulators and law enforcement, as required by law.

This is not Adidas’ first data security incident. In 2018, the company suffered a breach affecting millions of U.S. customers. Adidas disclosed separate incidents in Turkey and South Korea, both involving third-party customer service providers and exposing similar personal data.

Why Hackers Target Third Parties

Cybercriminals have shifted tactics. Instead of attacking a company’s main network, they look for poorly guarded side doors. Third-party vendors often lack the robust security measures of the companies they serve, making them attractive targets.

Key factors fueling this trend include:

• Inconsistent security standards across vendors and subcontractors
• Vendors retaining access to sensitive data after contracts end
• Outdated technology and lack of real-time monitoring in many provider systems

Verizon’s 2025 Data Breach Investigations Report found that 30 percent of breaches last year involved external service providers, raising ongoing concerns around vendor risk management and security oversight.

Building Stronger Digital Defenses

Forward-thinking retailers are adopting new strategies to reduce third-party risk. Consider these best practices:

• Zero trust approach: Treat every vendor as a potential risk and limit data access to what is strictly necessary.
• Incident simulation: Regularly run exercises that mimic third-party breaches and test your response plans.
• Continuous vendor assessment: Use automated tools to monitor vendor security status throughout the year, not just during annual audits.

The Adidas breach is not an isolated event. It is a warning for the entire retail sector. As hackers become more sophisticated, companies must treat third-party risk as a top priority, not just a compliance issue.

Key takeaways for business leaders:

• Demand transparency and security metrics from every vendor.
• Tie executive performance to measurable improvements in third-party risk.
• Educate customers about the importance of enabling multi-factor authentication.

For businesses, remember that your security is only as strong as your weakest partner. The companies that thrive will be those that treat every link in their supply chain as a potential point of failure and act accordingly.