In May 2025, one of the world’s leading sportswear companies, Adidas, revealed two significant customer data breaches in Korea and Turkey. Disclosed on or about May 16, 2025, the data breaches created an uproar concerning customer data protection, considering that they were third-party customer support service providers involved. The data breaches exposed sensitive customer data, raising the threat of phishing and identity theft. The report is an in-depth analysis of the data breaches, Adidas’ response, their implications on customers, and what to do for impacted customers. The data is up to date as of reports from reputable sources up to May 20, 2025.
Adidas Korea Data Breach
Adidas Korea on May 16, 2025, disclosed that consumers using its customer service center in 2024 or earlier were impacted by data disclosure. Data leakage happened through third-party customer service providers, and customer information was accessed unauthorized. The data that was disclosed:
- Customer names
- Email addresses
- Phone numbers
- Birthdates
- Addresses
Adidas confirmed no payment information, passwords, or financial data was affected. Adidas notified directly every affected Korean customer, and local authorities were informed of the attack. The data privacy regulator in South Korea launched an investigation into data protection procedures at Adidas Korea, which could lead to regulation MLex – Adidas Faces Review.
Adidas Turkey Data Breach
Days following the Korean case, Adidas Türkiye also learned of an additional customer data leak of customers that had previously reached out to its customer service team. The exposed data includes:
- Full names
- Email addresses
- Phone numbers
- Dates of birth
- Gender
Similar to the Korean breach, no financial information or credit card data was compromised. Adidas Türkiye has taken immediate steps to enhance its security systems and is collaborating with cybersecurity experts to investigate the breach. The company has also advised customers to be cautious of phishing attempts and suspicious communications Hurriyet Daily News – Adidas Türkiye Data Breach.
| Details | Adidas Korea Breach | Adidas Turkey Breach |
|---|---|---|
| Date of Disclosure | May 16, 2025 | May 2025 (exact date unspecified) |
| Affected Customers | Contacted customer service in 2024 or earlier | Contacted customer service previously |
| Compromised Data | Names, emails, phone numbers, birthdates, addresses | Names, emails, phone numbers, birthdates, gender |
| Unaffected Data | Financial information, passwords | Financial information, credit card data, passwords |
| Source of Breach | Third-party customer service provider | Third-party customer service provider |
| Company Actions | Notified customers, reported to authorities, enhanced security | Enhanced security, working with experts, customer advisories |
Adidas’ Response
Adidas took the following actions to address these transgressions within both marketplaces:
- Customer Notification: Adidas Korea and Türkiye informed affected customers of the breaches while keeping them transparent.
- Cooperation with Experts: The company is working together with information security experts to investigate the breaches and protect its systems.
- Regulatory Reporting: Adidas Korea informed Korean authorities of the data leak, and an investigation is currently being conducted by the privacy regulator.
- Increased Security: Adidas Korea and Türkiye also adopted additional measures of security to prevent such instances in the future.
Despite these measures, third-party usage has raised questions about where Adidas is lacking data protection measures, particularly as both breaches were on third-party systems.
Impact on Customers
Release of individual data, such as names, e-mail addresses, phone numbers, birthdays, and, in the case of Turkey, of gender, is dangerous. Although no financial data was disclosed, there are still many possible means by which released information can be exploited:
- Phishing Attacks: The information can be used by attackers to craft specific phishing messages or emails, which fool customers into revealing further sensitive information.
- Identity Theft: Personal data convergence could be used for impersonation or to obtain more accounts.
- Data Trading: The illicit data is likely to be traded on the dark web, where it can be further abused.
Up to this time, no abusive use of the exposed data has been carried out as of May 20, 2025, though customers are requested to be vigilant.
Recommendations for Affected Customers
If you are an Adidas customer in Korea or in Turkey and you’ve reached customer support, you may be affected by these breaches. Take these steps to protect yourself:
- Be on the lookout for Suspicious Activity: Scan your e-mail, phone, and other accounts regularly for suspicious activity, such as unusual messages or login attempts
- Avoid Phishing Attempts: Do not open links or divulge personal data to texts, calls, or emails that you did not ask for. Check who is calling or texting you before you react.
- Update Passwords: Update passwords for other accounts if you use the same password for multiple services to avoid unauthorized access
- Report Suspicions of Abuse: In case you believe your information is being abused, report it to Adidas customer service and to local law enforcement instantly.
These breaches belong to an industry-wide pattern of cybersecurity breaches on large brands, and Dior also announced the same type of breach in May of 2025. The breaches highlight the vulnerability of using third-party vendors and also reinforce the requirement for secure data protection measures. With increasingly reliance on outside vendors, customer data protection at every touchpoint remains an ongoing goal of supreme significance.
