(Bloomberg)—Adidas AG, No. 61 in the Internet Retailer 2018 Top 1000, is the latest company to come under attack from cyber-thieves looking to steal personal information, with millions of customers potentially at risk.
The athletic-wear company alerted customers on Thursday about a possible data breach on its U.S. website. A preliminary investigation found the leaked data includes contact information, usernames and encrypted passwords, the company said in a statement. Adidas said it does not believe any credit card or health and fitness information was compromised.
“We are alerting certain consumers who purchased on adidas.com/US about a potential data security incident. At this time this is a few million consumers,” a spokeswoman said in an email.
The disclosure marks the latest in a series of data breaches at major companies across a broad swath of industries, including retailers Hudson’s Bay Co. (No. 36) and Under Armour Inc. (No. 33), aerospace giant Boeing Co., airlines like Delta Air Lines Inc. and natural gas pipelines and electric utilities.
“With the growth of e-commerce and mobile payments, there is a large opportunity for hackers to infiltrate retail databases and steal consumer data. From this year’s Saks Fifth Avenue breach to, now, Adidas, the common thread these incidents share is the centralization of massive amounts of customer data—this includes payment and retail account login details, bank card numbers and more,” says George Avetisov, CEO of authentication software company HYPR. “This creates a large attack surface and an easy, single point of failure that hackers love.”
The company said it found out about the problem on Tuesday, when “an unauthorized party” claimed to have acquired some of its consumer data. Adidas is in the process of conducting a forensic review and is alerting customers it believes could be affected.
“Each time a new data breach is disclosed from a ‘trusted’ retailer, consumer trust in that brand diminishes,”says Joe Stuntz, vice president of cybersecurity at cybersecurity and digital commerce research and strategy firm One World Identity. “To Adidas’ credit, they disclosed the breach quickly, because, as we’ve seen with other incidents, no breach stays secret for long, and the appearance of attempting to cover it up can further weaken consumer confidence in that brand.”