Two breaches in one week put Adidas under scrutiny as customer data leaks raise concerns about systemic cybersecurity flaws.
Adidas has confirmed a second data breach in less than a week, this time affecting its operations in Turkey. The incident follows a similar breach reported by Adidas Korea on May 16th. According to local reports, unauthorized access to Adidas Turkey’s systems led to the exposure of customer data, including names, email addresses, phone numbers, and birth dates. The company has begun notifying affected customers.
While Adidas has not disclosed the method of attack or the total number of people affected, the breaches in both Turkey and Korea appear to share a common thread: they impacted customers who interacted with Adidas customer service. The pattern raises concerns about a broader, potentially global issue affecting the company’s regional systems.
In both incidents, Adidas stated that no financial or payment data was compromised. Still, the exposed personal information, particularly contact details and dates of birth, could be exploited for phishing, identity theft, or impersonation scams.
Adidas has not issued a global statement confirming whether the two breaches are connected. However, local media reports indicate that the company claimed the incident was limited in scope, assuring customers that no credit card or banking data was affected.
The company’s response so far has focused on direct outreach to potentially impacted individuals. As of now, Adidas has not publicly explained the root cause of either breach.
Two recent regional breaches have drawn attention to potential weaknesses in Adidas’s global cybersecurity framework, particularly within its customer service systems. As threat actors continue to pursue customer data for use in fraud and social engineering, even breaches that don’t involve financial information can present significant risks to consumers and brand trust.
In light of the growing prevalence of identity-based attacks, companies may need to reevaluate practices around system segmentation, employee access management, and incident disclosure across their global operations.
Leaked emails, phone numbers, and birth dates can be used for phishing, smishing (SMS scams), and impersonation attempts that trick victims into revealing sensitive information.
Customer service platforms often store large volumes of personal data and may have weaker security controls or third-party integrations, making them attractive to attackers.
While only Turkey and Korea are confirmed so far, the similarity of the breaches suggests other regions could be vulnerable if they share the same infrastructure or protocols.
Monitor for suspicious messages, avoid clicking on unknown links, enable two-factor authentication where possible, and consider placing a fraud alert on credit files.
It depends on the region. Many countries have data protection laws requiring prompt breach disclosure, especially if personal data exposure poses a risk to users.