- This Android tablet brings a $1,700 iPad Pro feature to the $400 price range - and it's just as good
- Hume's new EVI 3 model lets you customize AI voices - how to try it
- Nord Quantique claims error-correcting quantum physics breakthrough
- How Cisco is closing the gap on accessibility
- Your Asus router may be compromised - here's how to tell and what to do
Adidas Customer Data Stolen in Third-Party Attack
Adidas has disclosed that customer data was breached following a cyber-attack on a third-party.
The global sportswear giant said the data mainly consists of contact information relating to consumers who have contacted its customer service health desk in the past.
This includes names, email addresses and phone numbers.
No password, credit card or any other payment-related information was accessed by the attackers.
“Adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider. We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts,” the firm wrote in a statement published on May 23.
No details have been provided on the number of individuals potentially impacted or whether they relate to a specific region.
The retailer is in the process of informing potentially affected customers, as well as appropriate data protection and law enforcement authorities.
“We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident,” Adidas added.
Retailers’ Supply Chains Under Attack
The Adidas data breach notification came shortly after three major UK retailers – Marks and Spencer (M&S), The Co-op and Harrods – were hit by a ransomware attack.
M&S and The Co-op have both disclosed that customer data was accessed by the attackers, believed to associated with the Scattered Spider ransomware gang.
With all three incidents occurring in a short space of time, experts have considered the possibility that they are all linked by a common supplier or software provider.
It was reported by the FT that IT firm Tata Consultancy Services is conducting an internal investigation to determine whether it was the gateway for the cyber-attack on M&S.
Commenting on the retail incidents, Spencer Starkey, Executive VP of EMEA at SonicWall, said: “The surge of attacks is driven by a perfect storm of factors: the rapid digitisation of industries, increased reliance on third-party systems, and the rise of financially motivated, highly organized cybercriminal groups. In sectors like retail, sprawling digital ecosystems, outdated infrastructure and fragmented cyber defenses create easy entry points.”
In the Adidas case, while it appears the breach did not expose customers’ Social Security numbers, the contact information stolen is likely to be used for follow-on phishing attacks.
Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, advised: “Affected customers need to stay alert for possible phishing emails and text, and should never click on links or open attachments in any unsolicited messages. Customers should also take advantage of any credit monitoring services that Adidas might offer to provide further protection against the bad guys.”
Image credit: Manuel Esteban / Shutterstock.com
