May 28th 2025
Sportswear and leisure clothing giant Adidas has confirmed it has suffered a data breach in which customer contact details were accessed by cybercriminals, prompting advice to customers from Get Safe Online.
According to a statement from the company, the compromised data relates primarily to individuals who had previously interacted with Adidas’ customer support team. However, the company emphasised that sensitive financial information—such as credit card numbers and login credentials—was not affected.
In a post on its website, Adidas said: “We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident.” The company said it is notifying those whose information may have been exposed and has reached out to both law enforcement and data protection regulators as required.
Tony Neate, CEO of Get Safe Online, advises: “The Adidas breach is the latest in a series of cyberattacks on household name retailers and is quite rightly causing grave concern with companies in the sector and their customers. If a retailer or other company you buy from or deal with suffers such a breach, we advise that you change your password to a new strong, secure and unique one, and be vigilant about any calls, emails or other messages claiming to be from either the affected company or someone claiming to be offering you compensation. It doesn’t take long and it’s infinitely better than being scammed.”
Lisa Barber from the UK consumer advocacy group Which? urged Adidas to maintain transparency and offer assistance to affected customers. She also advised individuals to monitor their financial accounts and credit reports for unusual activity, and to remain vigilant for phishing attempts that may exploit the incident.
The Adidas breach comes amid a broader wave of cyberattacks targeting major UK retailers. Recent victims have included Marks & Spencer, Co-op, and Harrods. While some of those cases have led to significant business disruption—M&S has reported estimated losses of £300 million—there is currently no evidence that Adidas has experienced similar operational impacts.
In its statement, Adidas attributed the breach to an unauthorised third party accessing data via an external customer service supplier. It says it acted swiftly to contain the issue and launched an internal investigation supported by cybersecurity specialists.
While speculation continues around the perpetrators of other retail breaches—including a group known as Scattered Spider—there is no indication that this outfit was involved in the Adidas incident. However, Adidas has acknowledged previous breaches affecting operations in Turkey and South Korea, though details remain limited.
The latest wave of cyberattacks, which began surfacing in April 2025, has raised alarm across the retail sector and prompted heightened scrutiny of cybersecurity practices among large corporations.
