Millions of adidas customers have had their personal detail stolen, the leisurewear company reported late Thursday, saying it became aware of the issue on June 26.
“On June 26, adidas became aware that an unauthorized party claims to have acquired limited data associated with certain adidas consumers.”
“According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords.”
“adidas has no reason to believe that any credit card or fitness information of those consumers was impacted,” the company said in a statement, adding in an email that some two million in the US may have been affected.
The breach comes a week after a widespread phishing campaign targeted adidas fans, saying that to celebrate its 69th anniversary, the sports company was giving away 2,500 pairs of shoes to users who filled out a four-question survey – which included payment details and requested a $1 donation.
David Ross, VP of Research at SecureAuth + Core Security said in a statement emailed to Computer Business Review: “Retailers will continue to be prime targets for attackers due to the valuable nature of personal and payment data they hold.”
He added: “Far too often, we see organisations creating “security silos” by approaching network and endpoint security separately from identity management initiatives, which limits their ability to mitigate risks and detect breaches. Customers who have shared contact information including addresses, email addresses, and login information, should immediately reset passwords on other accounts where they may have reused the same password. They should also be vigilant to help mitigate the potential effects of identity theft.”
“With 81 percent of data breaches attributed to attackers walking through the front door with stolen credentials, breaches where login information is stolen can have an equal negative impact on businesses as they do on consumers. Retailers should employ identity and access management solutions that provides the strongest protection while balancing a frictionless user experience.”
adidas said it is working with leading data security firms and law enforcement authorities to investigate the issue.