Two breaches in one week put Adidas under scrutiny as customer data leaks raise concerns about systemic cybersecurity flaws.
What happened
Adidas has confirmed a second data breach in less than a week, this time affecting its operations in Turkey. The incident follows a similar breach reported by Adidas Korea on May 16th. According to local reports, unauthorized access to Adidas Turkey’s systems led to the exposure of customer data, including names, email addresses, phone numbers, and birth dates. The company has begun notifying affected customers.
Going deeper
While Adidas has not disclosed the method of attack or the total number of people affected, the breaches in both Turkey and Korea appear to share a common thread: they impacted customers who interacted with Adidas customer service. The pattern raises concerns about a broader, potentially global issue affecting the company’s regional systems.
In both incidents, Adidas stated that no financial or payment data was compromised. Still, the exposed personal information, particularly contact details and dates of birth, could be exploited for phishing, identity theft, or impersonation scams.
What was said
Adidas has not issued a global statement confirming whether the two breaches are connected. However, local media reports indicate that the company claimed the incident was limited in scope, assuring customers that no credit card or banking data was affected.
The company’s response so far has focused on direct outreach to potentially impacted individuals. As of now, Adidas has not publicly explained the root cause of either breach.
The big picture
Two recent regional breaches have drawn attention to potential weaknesses in Adidas’s global cybersecurity framework, particularly within its customer service systems. As threat actors continue to pursue customer data for use in fraud and social engineering, even breaches that don’t involve financial information can present significant risks to consumers and brand trust.
In light of the growing prevalence of identity-based attacks, companies may need to reevaluate practices around system segmentation, employee access management, and incident disclosure across their global operations.
FAQs
What types of scams could result from leaked contact information?
Leaked emails, phone numbers, and birth dates can be used for phishing, smishing (SMS scams), and impersonation attempts that trick victims into revealing sensitive information.
Why might customer service systems be a common target?
Customer service platforms often store large volumes of personal data and may have weaker security controls or third-party integrations, making them attractive to attackers.
Are Adidas users in other regions at risk?
While only Turkey and Korea are confirmed so far, the similarity of the breaches suggests other regions could be vulnerable if they share the same infrastructure or protocols.
What can affected customers do to protect themselves?
Monitor for suspicious messages, avoid clicking on unknown links, enable two-factor authentication where possible, and consider placing a fraud alert on credit files.
Is Adidas legally required to notify global users if more breaches occur?
It depends on the region. Many countries have data protection laws requiring prompt breach disclosure, especially if personal data exposure poses a risk to users.
Farah Amod
