Adidas Breach Hits US Retail Site

Adidas is warning customers of its US retail website that their personal details may have been compromised after a suspected data breach.

Reports suggest millions of customers could be affected by the data security incident, which the footwear giant said it first became aware of on June 26.

A brief statement on the incident claimed the firm is alerting “certain consumers” who purchased from the adidas.com/US site.

“Adidas immediately began taking steps to determine the scope of the issue and to alert relevant consumers,” it said of the incident.

“Adidas is working with leading data security firms and law enforcement authorities to investigate the issue. According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords. Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted.”

Javvad Malik, security advocate at AlienVault, claimed the incident shows why firms need “strong monitoring and threat detection controls in place” so they can spot and respond to breaches in a timely manner.

“Without having monitoring controls in place, a company cannot say with certainty whether the claim of a breach is true or not,” he added. “This leads to any malicious party being able to claim that they have breached a company, even if they haven't, leading to unnecessary activity needing to be undertaken by the company and its customers, not to mention the potential lack of trust this creates.”

The announcement is just the latest in a string of recent breach incidents including the likes of Ticketmaster UK and Under Armour.

“The Fort Knox approach of making your organization impenetrable simply doesn’t work today because so many third parties have access to your network,” argued Fred Kneip, CEO at CyberGRX.

“It only takes a single vulnerability within any of those third parties to put sensitive data at risk.”

It’s unclear whether any EU citizens are affected by the breach; if they are, the relevant GDPR regulators will be looking closely at the case.
