Millions of customers’ data are at risk in the Adidas data breach last June 2018.
Adidas data breach
Adidas confirmed the incident. They posted on their website about the data breach news.
Moreover, the company found out about the breach on June 26. Then, they announced the breach just two days after.
However, they have no idea when the breach started.
The leaked information
Additionally, they said that the breach leaked the following information:
- contact information
- email addresses
- billing addresses
- usernames and other login information
- encrypted passwords
Besides, the company claimed that there was no leaked fitness information.
Their action
Adidas said that they finished the preliminary investigation. Yet, they did not find any evidence that credit card information was leaked.
Moreover, they released a short statement about the breach. And they continue to alert customers.
Besides, they followed the General Data Protection Regulation (GDPR). Also, they reported the breach within 72-hours after the discovery.
Also, they made steps to find out the cause of the issue. They hired the best data security teams for their investigation.
Additionally, they contacted law enforcement to assist in their investigation.
Plus, they made an incident response to the breach. They promptly told their customers about the incident.
What you can do
Adidas told its customers to check their payment card statements. Here, they can find if there are any unusual activities.
So, if you find an unwanted withdrawal or transaction. Make sure to alert your bank and credit card issuer.
Also, Adidas stated that customers should change their passwords asap.
Who are the affected
Adidas said that it only affected the US customers. So, only those who shopped and bought items from adidas.com/US may have been affected.
Also, the company’s other web stores were not affected. Moreover, they said that the breach did not affect its subsidiary Reebok.
But, they do not know the exact number of affected users. And a spokeswoman from Adidas said that it could be “a few million.”
What can we learn from the Adidas data breach?
Breaches like this tell us a lesson. Companies, no matter how big or small should have strong security.
Also, there should be strong monitoring of threats. Thus, they can detect threats and breaches faster. And if they detect it fast, they can also respond to it quickly.
Why is this important?
Well, if there is no monitoring, they cannot confirm if a breach is true or not. Also, breaches can ruin a company’s reputation. Not to mention the loss of trust from its customers.
Besides, it only takes a little gap for hackers to breach a company. Like what happened to the Paypal security issue. Which caused millions of data leakage, too.
Finally, applying threat controls is important. Because it is required from the GDPR.
Companies should protect the private information of its customers. Also, it should follow the six data principles:
- Transparency of data processing
- Proper data collection
- Limited and relevant information
- Accurate and up-to-date
- Proper storage
- Secured processing
Failure to apply the controls and breach response can lead to fines. And it can impact a company greatly, too.