Thought Leadership
Cyber criminals have gained access to Adidas customer data via an external customer service provider.
Unknown persons obtained consumer data from the German sporting goods manufacturer via a compromised third-party customer service. According to Adidas, the information was primarily contact information of people who had already made inquiries to customer support: “Adidas recently discovered that an unauthorized external party obtained certain consumer data through a third-party customer service provider,” the company said. “We took immediate action to contain the incident and launched a comprehensive investigation, working with leading information security experts.”
Payment data remained untouched
Adidas gives the all-clear for sensitive information: “The affected data does not contain passwords, credit card or other payment-related information. It is mainly contact information of consumers who have contacted our customer service in the past.” The company “immediately took measures to contain the incident” after it became known and is working with security experts to clarify the situation.
The affected customers are currently being contacted by Adidas. At the same time, the company is cooperating with data protection authorities and investigators as required by law.
While companies often comprehensively secure their own systems, they have only limited influence on the security standards of their partners. A weakly secured third-party provider can thus become a gateway for attackers who gain access to the actual target systems via this “back door”.
