Adidas is currently investigating claims of a potential data breach involving one of its third-party partners. The breach was reported on February 16, 2026, when a group known as ‘LAPSUS-GROUP’ asserted on BreachForums that they had accessed the sportswear giant’s extranet portal without authorization.
Details of the Alleged Breach
The group, believed to be linked to the Scattered Lapsus$ Hunters, is notorious for using social engineering tactics. They claim to have extracted roughly 815,000 rows of data from the Adidas Extranet, a secure portal designed for interactions with business partners, suppliers, and retailers.
According to the threat actors, the compromised data includes names, email addresses, passwords, birthdays, and company details, alongside extensive technical data. They further suggested that more disclosures are imminent and alleged possession of around 420GB of data related to the French market.
Adidas’ Response and Investigation
An Adidas spokesperson informed The Register about the potential data protection issue, linked to an independent licensing partner dealing with martial arts products. Adidas emphasized that this partner operates its own IT systems, and there is no indication that Adidas’ own IT infrastructure, e-commerce platforms, or consumer data have been affected.
This incident follows another third-party breach in May 2025, where an unauthorized party accessed a customer service provider used by Adidas, compromising contact details of customers who had reached out to their helpdesk. No passwords or financial data were involved in that breach.
Security Implications and Recommendations
The repeated incidents highlight vulnerabilities in supply chain security and vendor access management for Adidas. Security experts advise companies to implement strict least-privilege access, require multi-factor authentication for third-party interactions, and conduct regular audits of partner-facing portals to mitigate risks associated with extranet vulnerabilities.
Adidas has not provided details on the timing or scope of the latest breach, and the investigation is ongoing. The company continues to assess the situation to ensure data security and minimize future risks.
Stay updated with the latest cybersecurity news by following us on Google News, LinkedIn, and X. Reach out to feature your stories.
