Adidas Hit by Cyber Attack: Customer Data Stolen, but No Financial Fallout

• Adidas’s announcement about a cyber-attack on 27 May 2025, when hackers attempted to steal contact details of customers, such as names and email addresses, from a third-party customer service provider, stated that no financial data was stolen.
• Affected customers are being notified, and investigations are ongoing, while experts warn of the phishing risks and urge all to be wary of any suspicious communication.

In a bit of a shocker for sports fans and sneakerheads alike, Adidas has confirmed that hackers have nabbed some customer data in a recent cyberattack. The German sportswear giant revealed the breach stemmed from a third-party customer service provider, but don’t panic just yet—your bank account is safe. Here’s the lowdown on what happened, what it means for you, and how Adidas is tackling the mess.

What Went Down?

Adidas dropped the news on 27 May 2025, stating, “Adidas recently became aware that an unauthorised external party obtained certain consumer data through a third-party customer service provider.” The attack targeted folks who’d reached out to Adidas’ customer service desk, with hackers snagging contact details like names, email addresses, phone numbers, and possibly home addresses or birthdates. The good news? “We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts.”

Thankfully, Adidas assures us that no passwords, credit card numbers, or payment details were compromised. So, while it’s a headache, it’s not a full-blown wallet-emptying disaster. The company is keeping tight-lipped about the exact number of affected customers or the name of the third-party provider, but they’re in the process of notifying those impacted and alerting the proper authorities.

Why This Matters

This isn’t Adidas’ first brush with cyber trouble. Earlier in May 2025, the brand faced similar breaches in Turkey and South Korea, where customer data like names, emails, and birthdates was swiped from their customer service systems. It’s part of a worrying trend hitting the retail world, with big names like Marks & Spencer, Co-op, and Harrods also grappling with cyberattacks in recent weeks. M&S, for instance, took a £300 million hit from their breach, which caused some serious operational chaos.

The Adidas breach, though, seems less severe. The company insists it “has no operational impact”, meaning your local Adidas store isn’t shuttering anytime soon, and you can still snag those Ultraboosts without a hitch. But experts are waving a red flag, warning that stolen contact info could fuel phishing scams or social engineering attacks. As Javvad Malik from KnowBe4 put it, “While payment data wasn’t compromised, the theft of personal contact details poses risks for potential phishing or other social engineering attacks, so affected customers will need to be vigilant for any communication that appears to originate from Adidas.”

What Should You Do?

If you’ve ever rung up Adidas’ customer service or dropped them an email, keep your eyes peeled for dodgy messages. Cybercriminals love using stolen data to craft convincing phishing emails—think fake Adidas promotions or “urgent” account alerts. Here’s how to stay sharp:

• Double-check emails: If you get an email claiming to be from Adidas, don’t click any links until you’re sure it’s legit. Hover over links to see the real URL, or better yet, head straight to adidas.co.uk.
• Monitor your accounts: Even though no financial data was stolen, it’s worth keeping an eye on your bank statements for anything fishy.
• Update passwords: While Adidas says passwords weren’t hit, it’s never a bad idea to refresh your login details, especially if you reuse passwords (we’ve all been guilty of that!).

Cybersecurity pros also suggest staying wary of unsolicited calls or texts claiming to be from Adidas. If in doubt, contact the company directly through their official website.

The Bigger Picture

This breach shines a spotlight on a growing problem: third-party vulnerabilities. According to Verizon’s 2025 Data Breach Investigations Report, 30% of data breaches now stem from third-party sources, up from 15% the previous year. When big brands like Adidas outsource customer service, they’re only as strong as their weakest link. And right now, those links are looking pretty flimsy.

The retail sector’s been hit hard lately, with UK giants like M&S and Co-op reeling from similar attacks. Some experts reckon a cyber gang called Scattered Spider might be behind the M&S hack, though there’s no evidence they’re linked to Adidas’ woes. Still, it’s a stark reminder that even the biggest brands aren’t immune to cybercrime.

Adidas is stepping up, promising to tighten oversight of its third-party partners and beef up its cybersecurity. They’re also working with experts to get to the bottom of this breach and prevent a repeat. But as one cybersecurity bod noted on Reddit’s InfoSecNews, “the fallout could manifest in diminished consumer confidence if not handled transparently.”