Adidas Investigates Potential Data Breach Involving 815,000 Customer Records
Adidas, the renowned sportswear company, is currently investigating a potential data breach that may have compromised approximately 815,000 customer records. The incident came to light when a threat actor, identified as LAPSUS-GROUP, claimed on BreachForums on February 16, 2026, to have accessed Adidas’s extranet portal without authorization.
Details of the Alleged Breach
The extranet portal in question is a secure web-based platform designed for Adidas’s authorized business partners, suppliers, and retailers to interact with the company. The threat actor alleges that the stolen data includes:
– First and last names
– Email addresses
– Passwords
– Birthdates
– Company information
– Additional technical data
Furthermore, the group hinted at more disclosures, stating, something bigger is coming, and claimed possession of approximately 420GB of Adidas-related data specific to the French market.
Adidas’s Response
In response to these allegations, an Adidas spokesperson informed The Register:
We have been made aware of a potential data protection incident at one of our independent licensing partners and distributor for martial arts products. This is an independent company with its own IT systems.
The company emphasized that there is no indication that Adidas’s internal IT infrastructure, e-commerce platforms, or consumer data have been affected by this incident.
Context and Previous Incidents
This is not the first time Adidas has faced challenges related to third-party data breaches. In May 2025, the company disclosed that an unauthorized party had accessed a third-party customer service provider’s systems, exposing contact details of customers who had previously reached out to Adidas’s helpdesk. Notably, that breach did not compromise passwords or financial data.
The recurrence of such incidents underscores the importance of robust supply chain security and vigilant vendor access management. As companies increasingly rely on third-party vendors and partners, ensuring these entities adhere to stringent security protocols becomes paramount.
Recommendations for Enhanced Security
To mitigate risks associated with third-party interactions, security experts advise organizations to:
– Enforce strict least-privilege access controls
– Mandate multi-factor authentication (MFA) for all third-party vendor interactions
– Conduct regular audits of partner-facing portals to identify and address potential vulnerabilities
By implementing these measures, companies can reduce their exposure to potential breaches stemming from third-party relationships.
Conclusion
As Adidas continues its investigation into the alleged data breach, the incident serves as a stark reminder of the evolving cybersecurity landscape and the need for comprehensive security strategies that encompass not only internal systems but also external partners and vendors. Organizations must remain vigilant and proactive in safeguarding sensitive data against unauthorized access and potential exploitation.
