{"id":12691,"date":"2025-05-30T19:06:13","date_gmt":"2025-05-30T13:36:13","guid":{"rendered":"https:\/\/threatcop.com\/blog\/?p=12691"},"modified":"2026-05-13T14:41:20","modified_gmt":"2026-05-13T09:11:20","slug":"adidas-got-breached-through-a-vendor","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/","title":{"rendered":"Adidas Confirms Data Breach Involving Third-Party Service Provider"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Are you sure that your customer service provider is secure? Adidas just learned the hard way that third-party vendors can be your <a href=\"https:\/\/threatcop.com\/blog\/weakest-link-in-cyber-security\/\">weakest cybersecurity link<\/a>. A recent data breach exposed the contact details of consumers across several countries.<\/span><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#What_Happened_with_Adidas\" >What Happened with Adidas?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#Why_This_Breach_Matters\" >Why This Breach Matters?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#Whats_the_Risk_from_%E2%80%9CJust%E2%80%9D_Contact_Info\" >What\u2019s the Risk from \u201cJust\u201d Contact Info?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#What_Can_You_Take_from_This_Attack\" >What Can You Take from This Attack?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#What_Can_You_Do_in_Your_Enterprise\" >What Can You Do in Your Enterprise?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#Concluding_Remarks\" >Concluding Remarks!<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">No ransomware. No major operational shutdowns. Just stolen contact info. And still, a wake-up call for every enterprise relying on external vendors (which is&#8230; pretty much all of us).<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">So what actually happened, and what can we learn from it? Let\u2019s walk through it.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Happened_with_Adidas\"><\/span><span style=\"color: #000000;\"><b>What Happened with Adidas?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">A third-party vendor that handles customer service inquiries for Adidas was breached. The attacker gained unauthorized access to consumer data from users who had reached out to Adidas support. Information consists of names, emails, and similar contact info.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">No passwords. No credit card numbers. But still valuable data for <a href=\"https:\/\/threatcop.com\/blog\/types-of-phishing-attacks\/\">phishing and social engineering attacks<\/a>.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The breach didn\u2019t just affect one region either. Reports mention Turkey, South Korea, and other global markets, though Adidas hasn&#8217;t confirmed exactly which countries.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">This isn&#8217;t Adidas\u2019s first rodeo, by the way. Back in 2018, a U.S.-based incident exposed user emails and encrypted passwords. So for them, and for all of us, it\u2019s a pattern worth paying attention to.<\/span><\/p>\n\n\n\n<!DOCTYPE html>\r\n<html lang=\"en\">\r\n\r\n<head>\r\n    <meta charset=\"UTF-8\">\r\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\r\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n    <title>Document<\/title>\r\n<\/head>\r\n\r\n<style>\r\n    .interestedBtn {\r\n        width: 80% !important;\r\n        box-sizing: border-box !important;\r\n        display: inline-block !important;\r\n        padding: 11px !important;\r\n        border: 1px !important;\r\n        border-color: #ddd !important;\r\n        margin-top: 10px !important;\r\n        background-color: #183e8b !important;\r\n        background-image: none !important;\r\n        text-shadow: none !important;\r\n        color: #fff !important;\r\n        font-size: 14px !important;\r\n        line-height: 20px !important;\r\n        border-radius: 5px !important;\r\n        margin: 0 !important;\r\n        cursor: pointer !important;\r\n        box-shadow: 0px 4.66px 22.99px 0px rgba(0, 0, 0, 0.10);;\r\n    }\r\n\r\n\r\n        .formSec .formSecTwo{\r\n            padding-top: 15px !important;\r\n            margin-bottom: 30px !important;\r\n        }\r\n\r\n\r\n    .tnp-email {\r\n        width: 80% !important;\r\n        box-sizing: border-box;\r\n        padding: 8px 10px;\r\n        display: inline-block;\r\n        border: 1px solid #ced4da;\r\n        background: #fff;\r\n        color: #000 !important;\r\n        font-size: 13px;\r\n        line-height: 20px;\r\n        border-radius: 2px;\r\n        padding-right: 30px;\r\n        margin-bottom: 0px;\r\n    }\r\n\r\n    .formSec {\r\n        border: 1px solid #ced4da;\r\n        float: left !important;\r\n        width: 55% !important;\r\n    }\r\n\r\n    .mainBox {\r\n       \/* border: 1px solid #183e8b;*\/\r\n         background: white;\r\n        max-width: 600px !important;\r\n        margin: 0 auto !important;\r\n        padding: 20px !important;\r\n        font-family: Arial, Helvetica, sans-serif !important;\r\n    }\r\n\r\n    .boxDiv {\r\n        display: flex !important;\r\n    }\r\n\r\n    .boxConsult {\r\n        float: left !important;\r\n        width: 45% !important;\r\n        padding: 10px !important;\r\n    }\r\n\r\n    .formSecTwo {\r\n        text-align:center !important;\r\n        width: 100% !important;\r\n    }\r\n\r\n    .formHeading {\r\n        font-family: Arial, Helvetica, sans-serif;\r\n        margin-top: 0px;\r\n        font-weight: 700;\r\n        line-height: 25px;\r\n        font-size: 18px !important;\r\n        \r\n       margin-bottom: 60px !important;\r\n       color: #000!important;\r\n          margin-top: 5px !important;\r\n    }\r\n\r\n    .fieldHeading {\r\n        margin: 0 !important;\r\n        font-size: 13px !important;\r\n        text-align: left !important;\r\n        margin: 0px 39px 2px 93px !important;\r\n        font-weight: 500 !important;\r\n    }\r\n\r\n    .image {\r\n        max-width:90% !important;\r\n        height: auto !important;\r\n    }\r\n\r\n     .email-icon {\r\n            position: absolute;\r\n            right: 50px;\r\n             top: 20px;\r\n            transform: translateY(-50%);\r\n            pointer-events: none; \r\n        }\r\n\r\n          .email-container{\r\n             position: relative;\r\n         \r\n        }\r\n       \r\n\r\n        .email-icon img{\r\n                 width: 15px;\r\n        }\r\n\r\n\r\n         input::placeholder {\r\n            color:#495057;\r\n        }\r\n\r\n\r\n     ::placeholder {\r\n        color: #495057;\r\n    }\r\n\r\n        ::-ms-input-placeholder { \r\n          color:#495057;\r\n        }\r\n\r\n\r\n        input:-webkit-autofill {\r\n            background-color: transparent !important;\r\n            -webkit-box-shadow: 0 0 0px 1000px white inset !important; \r\n            box-shadow: 0 0 0px 1000px white inset !important;\r\n            color: #495057 !important; \r\n        }\r\n\r\n        \r\n        input {\r\n            color:#495057 !important;\r\n        }\r\n\r\n\r\n    @media screen and (max-width: 480px) {\r\n        .boxDiv {\r\n            display: block !important;\r\n            padding: 15px !important;\r\n         \r\n        }\r\n\r\n        .image{\r\n        width: 80% !important;\r\n         margin-bottom: 14px;\r\n        }\r\n        .fieldHeading {\r\n            text-align: left !important;\r\n            margin: unset !important;\r\n        }\r\n\r\n        .boxConsult {\r\n            width: unset !important;\r\n            float: none !important;\r\n        }\r\n\r\n        .mainBox {\r\n            border: unset !important;\r\n        }\r\n\r\n        .formSec {\r\n            float: unset !important;\r\n            width: 100% !important;\r\n        }\r\n\r\n        .formSecTwo {\r\n            text-align: center !important;\r\n        }\r\n\r\n        .tnp-email {\r\n            width: 90% !important;\r\n        }\r\n\r\n        .formHeading {\r\n            margin-bottom: unset !important;\r\n        }\r\n\r\n         .email-icon {\r\n            position: absolute;\r\n            right: 25px;\r\n            top: 58%;\r\n            transform: translateY(-50%);\r\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\r\n        }\r\n       \r\n        .email-container{\r\n             position: relative;\r\n        }\r\n\r\n    }\r\n<\/style>\r\n\r\n<body>\r\n\r\n    <div class=\"mainBox\" box-sizing:=\"\" border-box;=\"\">\r\n\r\n        <div class=\"boxDiv\">\r\n\r\n            <div class=\"boxConsult\">\r\n                <div>\r\n                    <h3 class=\"formHeading\" style=\" font-size: 16px !important;\">\r\n                        Book a Free Demo Call with Our People Security Expert<\/h3>\r\n                <\/div>\r\n                <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/form.svg\" class=\"image\">\r\n            <\/div>\r\n\r\n            <div class=\"formSec\">\r\n                <div class=\" formSecTwo\">\r\n                    <h4 style=\"margin-top: 0; font-size: 16px !important;\">Enter your details<\/h4>\r\n                    <div class=\"tnp tnp-subscription-minimal\">\r\n                        <form action=\"https:\/\/threatcop.com\/thankyou-blog\" method=\"get\" target=\"_blank\">\r\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\r\n\r\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"FullName\" value=\"\"\r\n                                    placeholder=\"Full Name\">\r\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon01.svg\" class=\"img-fluid\" \/><\/span>\r\n                            <\/div>\r\n\r\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\r\n                               \r\n                                <input class=\"tnp-email\" type=\"email\" required=\"\" name=\"email\" value=\"\"\r\n                                    placeholder=\"Corporate Email Id\">\r\n                                     <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon02.svg\" class=\"img-fluid\" \/><\/span>\r\n                            <\/div>\r\n\r\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\r\n                               \r\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"CompanyName\" value=\"\"\r\n                                    placeholder=\"Company Name\">\r\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon03.svg\" class=\"img-fluid\" \/><\/span>\r\n\r\n                            <\/div>\r\n\r\n                            <div class=\"email-container\">\r\n                               \r\n                                <input class=\"tnp-email\" type=\"number\" required=\"\" name=\"Phone\" value=\"\"\r\n                                    placeholder=\"Phone No.\"><br>\r\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon04.svg\" class=\"img-fluid\" \/><\/span>\r\n                            <\/div>\r\n                            <input type=\"hidden\" name=\"BlogForm\" value=\"BlogForm\"><br>\r\n                            <input class=\"tnp-submit interestedBtn\" name=\"submit\" type=\"submit\"\r\n                                value=\"SUBMIT\">\r\n\r\n                        <\/form>\r\n                    <\/div>\r\n                <\/div>\r\n            <\/div>\r\n\r\n        <\/div>\r\n    <\/div>\r\n\r\n<\/body>\r\n\r\n<\/html>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_This_Breach_Matters\"><\/span><span style=\"color: #000000;\"><b>Why This Breach Matters?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Let\u2019s be realistic. This kind of breach has become a norm and doesn\u2019t give a shock anymore. But it <\/span><i><span style=\"font-weight: 400;\">is<\/span><\/i><span style=\"font-weight: 400;\"> frustrating. Especially for security leaders who\u2019ve already invested in:<\/span><\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\">Phishing awareness training<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Internal firewalls<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Endpoint protection<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">MFA across the board<\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">And yet, here\u2019s a customer data leak\u2026 triggered by a vendor.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The good and bad is that it wasn\u2019t Adidas\u2019 own systems that got breached. It was someone they trusted to talk to customers.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Whats_the_Risk_from_%E2%80%9CJust%E2%80%9D_Contact_Info\"><\/span><span style=\"color: #000000;\"><b>What\u2019s the Risk from \u201cJust\u201d Contact Info?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">You might be thinking:<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><i><span style=\"font-weight: 400;\"><strong>Okay, so names and emails were leaked. No passwords. No credit cards. Not ideal, but not catastrophic\u2026 right?<\/strong><\/span><\/i><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">This is not a thing to ignore because contact info is the <\/span><i><span style=\"font-weight: 400;\">starter fuel<\/span><\/i><span style=\"font-weight: 400;\"> for targeted phishing campaigns. For instance, a user might get fake shipping notifications. \u201cYour refund is ready\u201d scams. Spoofed Adidas promos. It can harm your business reputation.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">If attackers know you contacted support recently, they can fake context like pros. They don\u2019t attack with malware but convince the people. And that\u2019s what works today.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Can_You_Take_from_This_Attack\"><\/span><span style=\"color: #000000;\"><b>What Can You Take from This Attack?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Here\u2019s what this Adidas breach should prompt every enterprise to ask:<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"color: #000000;\"><b>1. Are we vetting our vendors or just trusting them?<\/b><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">When was the last time you reviewed your vendor risk program? Do your third-party providers go through regular security audits? Would you <\/span><i><span style=\"font-weight: 400;\">catch<\/span><\/i><span style=\"font-weight: 400;\"> it if one got breached?<\/span><\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"color: #000000;\"><b>2. Do our users know how to spot phishing?<\/b><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Contact info leaks don\u2019t matter if users can smell a fake. But many can\u2019t. In fact, 2 out of 3 employees still click suspicious links in simulations, even after formal training.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><span style=\"color: #000000;\"><b>3. Do we have response protocols for third-party breaches?<\/b><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Do you even know <\/span><i><span style=\"font-weight: 400;\">which<\/span><\/i><span style=\"font-weight: 400;\"> vendors have access to customer data? And how fast could you act if one of them leaked it?<\/span><\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Can_You_Do_in_Your_Enterprise\"><\/span><span style=\"color: #000000;\"><b>What Can You Do in Your Enterprise?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">No one\u2019s asking you to rip out your vendor ecosystem or panic-purchase software. But here\u2019s what you <\/span><i><span style=\"font-weight: 400;\">can<\/span><\/i><span style=\"font-weight: 400;\"> do right now:<\/span><\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\"><a href=\"https:\/\/threatcop.com\/threatcop-security-awareness-training\">Run a phishing simulation<\/a> based on real-world scenarios.<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Map your vendor data access: who has what, and why?<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Update your incident response playbook to include vendor-origin breaches.<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Ask your customer-facing teams if they\u2019d recognize a socially engineered follow-up. You might be surprised.<\/span><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Concluding_Remarks\"><\/span><span style=\"color: #000000;\"><b>Concluding Remarks!<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Breaches like this don\u2019t make the front page for long. But they stick in customers\u2019 minds and in attackers\u2019 toolkits.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">The next scam won\u2019t say, <\/span><i><span style=\"font-weight: 400;\"><strong>\u201cWe hacked your vendor.\u201d<\/strong><\/span><\/i><span style=\"font-weight: 400;\"> It\u2019ll say, <\/span><i><span style=\"font-weight: 400;\"><strong>\u201cHere\u2019s the refund you requested from Adidas.\u201d<\/strong><\/span><\/i><span style=\"font-weight: 400;\"> And if your team doesn\u2019t pause before clicking?<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Well, you know how that ends. Just empower your team to catch phishing before it clicks. Run real-world simulations to train your employees.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Are you sure that your customer service provider is secure? Adidas just learned the hard way that third-party vendors can be your weakest cybersecurity link. A recent data breach exposed the contact details of consumers across several countries. No ransomware. No major operational shutdowns. Just stolen contact info. And still, a wake-up call for every [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":12692,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[284],"tags":[370],"class_list":["post-12691","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-digest","tag-adidas-got-breached-through-a-vendor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Adidas Confirms Data Breach Involving Third-Party Service Provider<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Adidas Confirms Data Breach Involving Third-Party Service Provider\" \/>\n<meta property=\"og:description\" content=\"Are you sure that your customer service provider is secure? Adidas just learned the hard way that third-party vendors can be your weakest cybersecurity link. A recent data breach exposed the contact details of consumers across several countries. No ransomware. No major operational shutdowns. Just stolen contact info. And still, a wake-up call for every [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-30T13:36:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-13T09:11:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"Adidas Confirms Data Breach Involving Third-Party Service Provider\",\"datePublished\":\"2025-05-30T13:36:13+00:00\",\"dateModified\":\"2026-05-13T09:11:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/\"},\"wordCount\":684,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/unnamed-2.jpg\",\"keywords\":[\"Adidas Got Breached Through a Vendor\"],\"articleSection\":[\"News and Digest\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/\",\"name\":\"Adidas Confirms Data Breach Involving Third-Party Service Provider\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/unnamed-2.jpg\",\"datePublished\":\"2025-05-30T13:36:13+00:00\",\"dateModified\":\"2026-05-13T09:11:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/unnamed-2.jpg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/unnamed-2.jpg\",\"width\":900,\"height\":600,\"caption\":\"Adidas Got Breached Through a Vendor\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/adidas-got-breached-through-a-vendor\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Adidas Confirms Data Breach Involving Third-Party Service Provider\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"https:\\\/\\\/threatcop.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Adidas Confirms Data Breach Involving Third-Party Service Provider","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/","og_locale":"en_US","og_type":"article","og_title":"Adidas Confirms Data Breach Involving Third-Party Service Provider","og_description":"Are you sure that your customer service provider is secure? Adidas just learned the hard way that third-party vendors can be your weakest cybersecurity link. A recent data breach exposed the contact details of consumers across several countries. No ransomware. No major operational shutdowns. Just stolen contact info. And still, a wake-up call for every [&hellip;]","og_url":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2025-05-30T13:36:13+00:00","article_modified_time":"2026-05-13T09:11:20+00:00","og_image":[{"width":900,"height":600,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-2.jpg","type":"image\/jpeg"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"Adidas Confirms Data Breach Involving Third-Party Service Provider","datePublished":"2025-05-30T13:36:13+00:00","dateModified":"2026-05-13T09:11:20+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/"},"wordCount":684,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-2.jpg","keywords":["Adidas Got Breached Through a Vendor"],"articleSection":["News and Digest"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/","url":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/","name":"Adidas Confirms Data Breach Involving Third-Party Service Provider","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-2.jpg","datePublished":"2025-05-30T13:36:13+00:00","dateModified":"2026-05-13T09:11:20+00:00","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-2.jpg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/05\/unnamed-2.jpg","width":900,"height":600,"caption":"Adidas Got Breached Through a Vendor"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/adidas-got-breached-through-a-vendor\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Adidas Confirms Data Breach Involving Third-Party Service Provider"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/12691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=12691"}],"version-history":[{"count":3,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/12691\/revisions"}],"predecessor-version":[{"id":14461,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/12691\/revisions\/14461"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/12692"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=12691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=12691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=12691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}