Adidas comments on possible data leak at external service provider

The cyber gang Lapsus$ claims in an underground forum to have copied Adidas data from an external service provider.


In the underground forum, the cyber gang Lapsus$ announces the data theft from Adidas's extranet.

(Image: heise medien)


The criminal online gang Lapsus$ claims in an underground forum to have copied an Adidas data set from the company's extranet. It is said to comprise 815,000 lines.

According to the forum entry by Lapsus$, a group that no longer appears independently and was last seen as part of the conglomerate "ShinyHunterLapsus", the database contains first names, last names, email, password, birthday, and "a lot of technical data". The perpetrators also hint at further leaked data of larger scope: "Something bigger is coming, just wait. You will like it," they write there. The cybercriminals' entry is dated February 16, 2026. No further details are available yet.

When asked by heise online, Adidas explained: "We have been made aware of a potential data privacy incident at an independent licensee and distribution partner for combat sports products. This is an independent company with its own IT systems. We have no indication that adidas's IT infrastructure, our own e-commerce platforms, or our customer data are affected by this incident."

However, Adidas does not disclose the name of the affected distribution partner. Likewise, the manufacturer leaves open which data the licensee has access to and is therefore potentially affected, and to what extent.


If the data allegedly stolen by the Lapsus$ group actually includes names and email addresses together with the context "Adidas", attackers can use it to launch more targeted phishing attacks. Recipients should therefore exercise particular caution with messages that purport to come from Adidas.

This is not the first IT security incident to become known in connection with the sports equipment manufacturer Adidas. As early as May of last year, criminals stole data belonging to Adidas customers. The scope was also unclear at the time. The data consisted "essentially of contact information belonging to customers who have contacted our customer service in the past," the company explained back then. In that case too, there was apparently unauthorized data access at a "contracted customer service provider".

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.