Adidas issues a warning about data breach

According to Betanews, the sports brand Adidas suffered a data leak earlier this week, and the company has warned US customers. The company said it had become aware that “an unauthorized party claims to have acquired limited data associated with certain Adidas consumers.” Two days later, the company began to inform its U.S. customers that their data (including contact information, usernames, etc.) may have been disclosed.

Adidas stated that the potential security breach would affect only customers who made purchases on adidas.com/US and emphasised that only encrypted account passwords may have been accessed. A statement Adidas posted on its website on Thursday did not indicate how serious the issue is, nor did it suggest who might be responsible for the leak:

“Adidas today announced that it is alerting certain consumers who purchased on adidas.com/US about a potential data security incident. On June 26, Adidas became aware that an unauthorized party claims to have acquired limited data associated with certain Adidas consumers.

Adidas is committed to the privacy and security of its consumers’ personal data. Adidas immediately began taking steps to determine the scope of the issue and to alert relevant consumers. Adidas is working with leading data security firms and law enforcement authorities to investigate the issue. According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords. Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted.

While Adidas continues its thorough forensic review, Adidas is alerting relevant consumers.”

Javvad Malik, AlienVault’s security advocate, commented on the data breach:

The Adidas breach highlights two unfortunate trends. Firstly, that the company was apparently made aware of the breach through an unauthorised third party which claimed to have access to its customer details. It reinforces the need to have strong monitoring and threat detection controls in place so that enterprises can detect breaches themselves in a timely manner.

Secondly, without having monitoring controls in place, a company cannot say with certainty whether the claim of a breach is true or not. This leads to any malicious party being able to claim that they have breached a company, even if they haven’t, leading to unnecessary activity needing to be undertaken by the company and its customers, not to mention the potential lack of trust this creates.