Adidas Investigates Alleged Third-Party Data Breach Claimed by Lapsus$
Adidas confirmed it is investigating an alleged data breach tied to one of its independent licensing partners/third-party customer service providers after a threat actor claiming affiliation with Lapsus$ posted on BreachForums that they compromised Adidas’ extranet and stole a dataset described as 815,000 rows. The purported data includes names, email addresses, passwords, birthdates, company names, and other technical information; Adidas said it has no evidence its core IT infrastructure, e-commerce platforms, or consumer/customer data were impacted, and key details remain unverified while the investigation continues.
Reporting also linked the claim to the broader Scattered Lapsus$ Hunters ecosystem (associated in coverage with social-engineering-driven intrusions), and noted Adidas has faced prior third-party exposure: in May 2025, Adidas notified customers that some data was stolen following unauthorized access to an external provider’s system. Separately, ShinyHunters claimed a different intrusion against CarGurus involving alleged theft of 1.7 million corporate files via voice-phished single sign-on codes; that incident is distinct from the Adidas/Lapsus$ allegation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Adidas confirms investigation into alleged third-party breach
On 2026-02-19, Adidas said it was investigating a possible data breach involving an independent licensing partner or third-party customer service provider. The company stated it had found no indication that its core IT infrastructure, e-commerce platforms, or consumer data were compromised.
Threat actor claims Adidas extranet breach on BreachForums
On 2026-02-16, an actor using the alias "LAPSUS-GROUP" claimed on BreachForums to have accessed Adidas' extranet through a third-party partner. The actor alleged theft of about 815,000 rows of data, including personal and technical information, and claimed to hold additional Adidas-related data tied to the French market.
Adidas discloses customer data theft via third-party service provider
In May 2025, Adidas disclosed that customer data had been stolen after unauthorized access to an external customer service provider's system. Reports said the exposed information included customer contact details, while passwords and financial data were not affected.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Adidas Investigates Alleged Data Breach - 815,000 Records of Customer Data Stolen
cybersecuritynews.com
Open sourceThird-party hack probed by Adidas amid data theft assertions | SC Media
scworld.com
Open sourceAdidas investigates alleged data breach affecting 815,000 records - Help Net Security
helpnetsecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Under Armour Investigates Everest Ransomware Data Leak Affecting 72M Customers
Under Armour said it is investigating claims that an unauthorized party obtained customer data after a dataset tied to the company was posted to a hacker forum and subsequently ingested by breach-notification services. **Have I Been Pwned** reported obtaining a copy of the data and notifying roughly **72 million** individuals; the exposed information reportedly includes names, email addresses, gender, date of birth, approximate location (postcode/ZIP-derived), and purchase-related data, and also contains numerous Under Armour employee email addresses. Under Armour stated there is currently **no evidence** the incident affected *UA.com* or systems used to process payments or store customer passwords, while noting that the portion of customers with “sensitive” information impacted is believed to be small. Multiple reports tie the leak to a **November 2025** intrusion claimed by the **Everest** ransomware group, which alleged Under Armour failed to meet a negotiation deadline and that the data was then published and redistributed across forums and leak sites. One account describes the theft as involving **343 GB** of company data and indicates the forum-posted dataset includes **72 million email addresses** plus additional PII and purchase information; another report cites a much larger dataset claim (over **191 million records** with ~**72.7 million** unique email addresses) and notes a US class action lawsuit alleging negligence and large-scale exfiltration, including potential employee data. Reporting also reiterates Everest’s typical tradecraft, including credential-based access and use of remote access tooling (e.g., *AnyDesk*, *Splashtop*), though Under Armour has not publicly confirmed the intrusion vector or the full scope of data exfiltration.
Mar 21, 2026
ADT Confirms Customer Data Breach After ShinyHunters Extortion Claim
ADT disclosed that attackers gained unauthorized access to certain cloud-based environments and stole customer and prospective customer data, prompting the company to activate incident response measures, engage forensic specialists, notify law enforcement, and contact affected individuals. The exposed information included names, phone numbers, and home addresses, with dates of birth and the last four digits of Social Security numbers or Tax IDs affected in a smaller number of cases; ADT said payment information was not accessed and customer home security systems were not impacted. The disclosure followed claims by the **ShinyHunters** extortion group that it had stolen more than 10 million records and internal corporate data and would leak the information if its demands were not met. Reporting tied the intrusion to a suspected vishing attack that allegedly compromised an employee's **Okta** single sign-on account and enabled access to ADT's **Salesforce** environment, matching a broader pattern in which the group targets enterprise SSO accounts and connected SaaS platforms to steal data for extortion.
May 6, 2026
ShinyHunters Leak Exposes Data of 197,000 Zara Customers via Third-Party Provider
Inditex disclosed that unauthorized access to databases hosted by a former third-party technology provider exposed data tied to nearly **197,000 Zara customers**. The compromised records reportedly included about **197,400 unique email addresses**, order IDs, product SKUs, geographic market information, purchase history, and customer support ticket data. Inditex said the incident did **not** affect names, passwords, payment details, postal addresses, or phone numbers, and added that Zara’s own operations and internal systems were not impacted. The breach has been linked by **Have I Been Pwned** to the **ShinyHunters** extortion group’s April 2026 “pay or leak” campaign. According to the reporting, the attackers claimed they gained access through compromised **Anodot** authentication tokens and exfiltrated data from **BigQuery** environments, including a broader archive that allegedly contained up to **95 million support ticket records**. After failed extortion attempts, the group reportedly published the stolen data, while Inditex said it activated security protocols and began notifying relevant authorities.
May 8, 2026