Berlin, Germany — Sportswear giant Adidas has confirmed a data breach that exposed customer contact information through a third-party service provider. The incident, revealed on May 23, 2025, affected consumers who had previously contacted the company’s customer service team.
According to Adidas, no passwords, credit card numbers, or other payment data were compromised. The breach involved contact details only, such as names, phone numbers, and email addresses.
Third-Party Provider Targeted
The breach occurred after an unauthorized party exploited vulnerabilities in a third-party customer service provider’s system. This allowed access to the contact data of users who had interacted with Adidas customer support.
The company has begun notifying affected customers and relevant data protection authorities, as required by regulations such as the General Data Protection Regulation (GDPR).
Retail Sector Faces Rising Cyber Threats
This incident is part of a growing trend in cyberattacks targeting large retailers through their supply chains. Similar breaches have recently hit companies like Marks & Spencer, Harrods, Co-Op, and Dior.
Third-party breaches now account for 30% of all data security incidents, up from 15% just a year ago, according to the 2025 Data Breach Investigations Report by Verizon. Cybercriminals often target smaller vendors or subcontractors to bypass the stronger defenses of large companies.
These types of attacks can have severe financial consequences. They often cause more damage than direct breaches due to business interruptions and harm to the company’s reputation.
Strengthening Consumer Data Protection
Under laws such as GDPR, organizations must respond quickly to data breaches involving third-party partners. Experts recommend adopting robust third-party risk management (TPRM) programs, which include regular security assessments, multi-factor authentication (MFA), and zero-trust security models.
Data Security Posture Management (DSPM) tools can help companies monitor vendor access and identify weaknesses before attackers do. Encryption standards like AES-256, commonly used in cloud services such as Microsoft Azure, help keep data unreadable even if an unauthorized party gains access to it.
Security professionals stress the importance of using envelope encryption and limiting access to sensitive information across third-party services to reduce exposure.