According to the athletic-wear brand Adidas, on Tuesday 26 June, it became aware that an "unauthorised party" claimed to have acquired customer data from the US website, however it does not know when the breach occurred.
According to a preliminary investigation the data leaked is believed to be limited in scope, and it includes "contact information, usernames and encrypted passwords." The company also stated: "Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted."
"We are alerting certain consumers who purchased on Adidas.com/US about a potential data security incident. At this time this is a few million consumers," a spokesperson told Bloomberg.
Some 55 percent of consumers surveyed globally, according to a recent KPMG survey, have decided against purchasing something online due to privacy concerns. Their fears are not completely baseless, many companies have experienced significant data breaches, including Best Buy, WholeFoods, and Delta AirLines.
"Adidas is committed to the privacy and security of its consumers' personal data. Adidas immediately began taking steps to determine the scope of the issue and to alert relevant consumers," the company said.
David Ross, VP of research at SecureAuth + Core Security commented on the breach in an email to SC Media UK saying: "Retailers will continue to be prime targets for attackers due to the valuable nature of personal and payment data they hold. Retailers have a responsibility to keep consumers' personal information safe and implement measures that detect and mitigate these types of attacks. Yet, despite increased spending on cyber-security capabilities, breaches still continue to rise. Far too often, we see organisations creating "security silos" by approaching network and endpoint security separately from identity management initiatives, which limits their ability to mitigate risks and detect breaches.
"Customers who have shared contact information including addresses, email addresses, and login information, should immediately reset passwords on other accounts where they may have reused the same password. They should also be vigilant to help mitigate the potential effects of identity theft.
"With 81 percent of data breaches attributed to attackers walking through the front door with stolen credentials, breaches where login information is stolen can have an equal negative impact on businesses as they do on consumers. Retailers should employ identity and access management solutions that provides the strongest protection while balancing a frictionless user experience."
Eyal Benishti, CEO and founder of Ironscales commented in an email to SC Media UK: ""This is an excellent example illustrating how phishing attacks are evolving to be even more believable. Brand spoofing like this is a quick, easy, and incredibly successful way to lure their potential victims into a false sense of security, and the lure of something new for free, may be too tempting for some to even question. People are used to having all aspects of the digital world readily available at the click of the button, and as phishing campaigns are becoming increasingly sophisticated and targeted, it comes as no surprise that many are seeing themselves scammed in this way, through attacks like this.
"With mobile phishing, attackers also have the advantage of no mouse hover option to preview the link, no subject line for individuals to consider, and, because it's on a small screen, it can be difficult to detect fake landing pages or decipher a legitimate message from a fraudulent one. This makes it even more important for smartphone users to be aware of scams like this, and to never follow the link in what appears to be an unsolicited offer."