Adidas, a German sportswear giant has once again found itself in the spotlight, but this time for troubling cybersecurity concerns rather than business performance. The company, which is reportedly being considered for acquisition by Nike in October 2027, has allegedly become the latest target of a notorious ransomware group.
The hacking collective known as Lapsus$ has claimed responsibility for breaching Adidas’ systems and exfiltrating sensitive data. The group reportedly posted a portion of the stolen information on a well-known breach forum, stating that the data was taken directly from Adidas servers. According to the hackers, the company refused to meet their ransom demands, prompting them to attempt to sell the data online instead.
Adding credibility to their claims, Lapsus$ — now said to be collaborating under the banner of Scattered Lapsus$Hunters — has released screenshots of the allegedly stolen database. However, cybersecurity observers remain cautious. Some experts who have reviewed samples of the leaked data are uncertain whether the information is current and active or simply outdated records from a previous breach.
Sources cited by Cybersecurity Insiders suggest that approximately 815,000 rows of data were compromised. The dataset reportedly includes employee and customer names, dates of birth, account passwords, business identifiers, and certain technical details. If verified, such exposure could pose significant risks, including identity theft, credential stuffing attacks, and targeted phishing campaigns.
Notably, Adidas previously confirmed a data breach in May 2025, when attackers successfully infiltrated its systems and extracted sensitive information. This earlier incident has fueled speculation on social media that the newly advertised dataset may actually originate from last year’s breach rather than a fresh cyberattack.
According to Microsoft, Lapsus$ — also referred to as Strawberry Tempest — has been associated with aggressive cyber extortion campaigns. The group is believed to have links with the threat actor collective ShinyHunters, which is known for targeting both public institutions and private corporations.
These threat actors frequently employ social engineering tactics, SIM-swapping schemes, and multi-factor authentication (MFA) fatigue attacks to gain unauthorized access to corporate networks. As investigations continue, the incident underscores the growing sophistication of ransomware operations and the mounting cybersecurity challenges facing global enterprises.
Join our LinkedIn group Information Security Community!
