Adidas confirms data breach through compromised third-party service provider

The German sportswear giant Adidas confirmed an apparently global data breach incident that occurred through a compromised third-party customer service provider. 

An unauthorized external party gained access to consumer data belonging to customers who had previously contacted the company's customer service help desk. Initially the incident was reported by Adidas Korea, and seemed to be localized to one country. 

On May 23, 2025 Adidas HQ reported the breach stating that it "immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts."

The breach specifically targeted a third-party customer service provider's systems, allowing attackers to access stored customer contact information. The exposed data includes:

• Names
• Email addresses
• Phone numbers
• Contact information
• Birthdates (in some cases)
• Physical addresses (in some cases)

The number of affected individuals has not been disclosed. The company has also not revealed the financial impact or estimated value of the stolen data. Additionally, the identity of the compromised third-party customer service provider remains undisclosed.

The company stated it is "in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law."