Adidas Has Been Pwned Via A Third Party Hack
Adidas has confirmed a data breach stemming from a compromise of a third-party customer service provider. Hackers stole contact information of customers who had reached out to Adidas’ help desk. While no financial or password data was reportedly accessed, the breach raises concerns about supply chain vulnerabilities.
Andrew Obadiaru, CISO, Cobalt, had this to say:
“This Adidas breach is yet another case of attackers taking the path of least resistance—third-party vendors with less mature defenses. In offensive security, these peripheral entry points are frequently the first tested during a campaign. And in retail, where customer engagement relies on sprawling digital ecosystems, vendors often fall outside the scope of proactive security testing. It’s no longer enough to harden your own walls—you must probe your supply chain with the same rigor. Otherwise, your vendors become the adversary’s open door.”
Wade Ellery, Field CTO, Radiant Logic, follows with this:
“The Adidas breach puts a spotlight on the observability gap in third-party environments. While payment data may be safe, identity data—names, emails, contact history—still holds value in the attack chain. These are real identity artifacts, and they deserve the same level of scrutiny and visibility as any internal asset. Enterprises must rethink vendor oversight, ensuring that even external service layers feed into a unified observability framework. Without this, organizations risk flying blind where it matters most: at the seams between systems.”
Once again we see an example of a company getting pwned through no fault of its own, other than the fact that it should consider holding third parties accountable for their security, like the NHS recently did. It should be crystal clear by now that you’re only as secure as the companies that you work with.
This entry was posted on May 29, 2025 at 1:26 pm and is filed under Commentary with tags Hacked.