ChannelLife New Zealand - Industry insider news for technology resellers

Adidas data breach highlights supply chain risk for retailers

Yesterday

Adidas has revealed that an unauthorised external party gained access to customer data following a breach involving one of its third-party customer service providers, making the sportswear giant the latest major retailer to be affected by a cyberattack. The disclosure places Adidas among a list of well-known retailers, such as Dior, Marks & Spencer, Harrods, and Co-Op, that have experienced similar breaches in recent weeks.

The company stated that although the compromised data does not include payment-related information, it does contain personally identifiable information (PII). This information can still be lucrative for cybercriminals, potentially exposing customers to fraud, identity theft, and phishing attempts. Adidas has urged its customers to remain vigilant for suspicious communications that could be linked to the breach.

Citing this incident, cybersecurity experts have pointed to a growing trend that highlights vulnerabilities within the retail sector. Ryan Sherstobitoff, Senior Vice President of Threat Research & Intelligence at SecurityScorecard, commented, "Retailers have become high-value targets for cybercriminals, and recent breaches at Dior, M&S, Harrods, and Co-Op in the last month alone make it clear that this is more than just a passing trend. These attacks are not isolated events; they represent a growing pattern exposing a deeper, systematic vulnerability within the retail industry."

Sherstobitoff emphasised the risks associated with the interconnected nature of supply chains, stating, "In this Adidas breach, attackers accessed data through a third-party provider, highlighting the threat of interconnected supply chains, which continue to be a major entryway for threat actors." He further explained that retailers typically handle extensive amounts of sensitive information—including PII, loyalty programme details, and, in many cases, payment credentials—making them attractive targets for cyberattacks.

He also noted that, despite the absence of payment data in this instance, the stolen information remains highly valuable for threat actors seeking to exploit it for criminal activities. "Adidas customers should stay vigilant for suspicious communications that attempt to exploit this breach under the pretense of legitimate communication," Sherstobitoff added.

Siân John, Chief Technology Officer at cybersecurity consulting firm NCC Group, reflected on the broader implications of the breach. She said, "Although it is unclear who is responsible for the Adidas attack, it has been confirmed that it originated through a third party provider. This demonstrates how critical it is for organisations to have oversight of their supplier cybersecurity posture."

John highlighted the importance of large organisations collaborating closely with partners and suppliers to build a robust cybersecurity ecosystem. "Global brands will be at the centre of a vast network of third parties and they are only as strong as their weakest link, so they must collaborate with partners and suppliers to build a robust ecosystem around them."

Both experts agreed that the current landscape demands a shift in how retailers approach cybersecurity. John remarked, "Recent large-scale cyber attacks should encourage organisations to reassess their cybersecurity measures, both in-house and throughout their supply chains. Even if they believe they are secure, with methods of attacks constantly changing, it is key that organisations are agile, and review their measures on a regular basis to adapt to ongoing threats."

John advised that supply chain security should start with thorough vetting processes for third-party partners, coupled with regular reviews to identify and address potential gaps that may expose businesses to future attacks.

Sherstobitoff concluded that retailers must adopt a proactive, multi-layered cybersecurity strategy that extends beyond their own internal systems to encompass the wider attack surface, including third-party vendors and supply chain partners. "Given the frequency and severity of recent attacks, security can no longer be a back-burner issue for retailers," he said.

The incident at Adidas serves as a reminder that in the digital age, the security of customer data hinges not only on a company's own defences but also on the vigilance and capabilities of every organisation in its supply chain.
