Adidas on Tuesday officially confirms a third-party breach has led to the compromise of customer data, but questions remain as to whose customer data was impacted and where.

The German sportswear company was reported by Cybernews to have sent breach notifications to its regional customers in Turkey and Korea earlier this month.

But now, it appears Adidas has posted an official notice on both its German and English-language websites about what could be one singular cyber incident impacting its entire network – or possibly a third breach impacting another Adidas regional network.

Titled “Data Security Information,” Adidas stated it recently became aware “that an unauthorized external party obtained certain consumer data through a third-party customer service provider.”

Adidas confirms customer data was stolen in a recent third-party vendor breach on its website, adidas-group.com. Image by Cybernews.
Cybernews, which happened to cover both the Adidas Turkey and the Adidas Korea breaches as they hit the news cycle in their respective countries, has reached out to Adidas for the second time this month, looking for further clarification.

So far, there has been no response to either inquiry at the time of this report, but Cybernews will update our readers if that changes.

The Korean breach notice states the attackers were able to obtain information customers submitted to the Adidas customer center in 2024 and previous years.

Reportedly, the leaked information includes names, email addresses, phone numbers, dates of birth, and other personal details, as was similarly reported in the Turkish media.