Adidas is currently investigating a data breach involving an independent partner that handles the company's martial arts product distribution. While hackers claim to have stolen over 800,000 rows of sensitive technical and personal data, Adidas maintains that its own internal systems and customer platforms remain secure.

The German sportswear giant recently acknowledged a potential security incident originating at a third-party licensing partner rather than within its own corporate network. This partner operates as an independent entity with its own isolated IT infrastructure, which Adidas claims has prevented the intrusion from spreading to its primary e-commerce sites. Despite the confirmation of the investigation, the company has stayed quiet regarding the specific timeline of the breach or the exact nature of the information that was accessed by the intruders.

Public reports of the cyberattack first surfaced in mid-February when individuals claiming to represent the Lapsus$ Group posted samples of the stolen data on a popular hacking forum. These digital thieves allege that they gained access to the company's extranet and made off with a database containing names, email addresses, passwords, and various technical documents. The group claims the haul is quite extensive, totaling hundreds of thousands of entries that could potentially compromise the privacy of those associated with the specific distributor.

This incident marks another chapter in a series of security challenges for the multinational corporation, following a similar event that occurred in May 2025. In that previous case, a separate third-party customer service provider was compromised, leading to the theft of consumer data and forcing the company to issue formal notifications to its user base. The recurring nature of these events highlights the ongoing risks large corporations face when delegating data management to external vendors and independent partners.

The group claiming responsibility, Lapsus$, is well-known in the cybersecurity world for its history of high-profile extortions and aggressive hacking tactics. Historically, the collective has targeted massive tech firms and telecommunications companies by using a sophisticated blend of social engineering and credential theft. Their methods often involve bypassing modern security measures by tricking employees or exploiting vulnerabilities in mobile authentication systems to gain deep access to corporate environments.

Law enforcement agencies have been tracking the activities of this group for several years, leading to multiple arrests of young individuals suspected of being core members. Despite these legal actions and the charging of several teenagers associated with the gang's earlier crime sprees, the brand name continues to appear in connection with significant data leaks. This latest investigation serves as a reminder of the persistent threat posed by decentralized hacking groups that target the weakest links in a global supply chain.

Source: Adidas Investigates Third-Party Breach After Hackers Claim Access