Adidas Customer Service Data Breach – May 2025

In May 2025, Adidas confirmed a data breach that exposed customer contact details through a third-party service provider. The compromised data was limited to information related to individuals who had previously interacted with the brand's customer service desk. Thankfully, no passwords or financial information were involved.

Initial access appears to have been gained through an unauthorised external actor exploiting weaknesses in a vendor-integrated support platform, a recurring weak link in today’s interconnected digital supply chains. The breach reflects a growing pattern where attackers sidestep enterprise-grade protections by pivoting through third parties with softer defences.

Adidas responded with containment measures and brought in security experts for an investigation, but specifics around the initial breach timeline or the scope of impacted records remain unclear. The company is in the process of notifying affected individuals and engaging regulators.

This incident follows a worrying trend in the retail sector, with M&S and Co-op suffering similar attacks recently, signalling that threat actors are now increasingly targeting retail operations not just for payment data, but also for system disruption and information that can aid social engineering.