The Adidas Data Breach is making headlines after the notorious Lapsus$ hacking gang claimed it broke into the company’s Extranet portal.

According to the group, roughly 815,000 rows of sensitive information were exposed during the attack.

Adidas has not released any official statement about this incident. The sportswear giant already confirmed a separate third-party breach back in May 2025, so this marks the second security scare in a short period.

How the Adidas Data Breach Happened

Lapsus$ says it gained access to the Adidas Extranet, a restricted web portal used by authorized business partners, suppliers, retailers, and employees. The group posted its claims on Telegram and warned that “something bigger is coming.”

The stolen information reportedly includes:

• First and last names
• Email addresses
• Passwords
• Dates of birth
• Company information
• Technical data

TROYPOINT Tip: Protect your identity and personal info from a data breach by using Aura Identity Theft Protection which is TROYPOINT’s recommended identity theft protection.

Aura Identity Theft Protection Review

On top of that, Lapsus$ stated it holds around 420GB of Adidas records tied to the French market. However, security researchers who reviewed the claims believe the gang is overstating what it actually obtained.

According to their analysis, the SQL files contain customer and employee records from companies that resell Adidas products, not from the sportswear brand itself. Only about 130 accounts appear to be affected, and the row count was inflated by including database commands like “DROP TABLE” in the totals.

The data appears to originate from Double D, a French company founded in 1994 that serves as a global licensee for Adidas combat sports since 2005.

How to Protect Yourself After This Breach

Even if this breach is smaller than Lapsus$ claims, the exposed passwords and email addresses could fuel phishing attacks.

Anyone who has done business with Adidas or its partner retailers should take precautions like changing your password on any Adidas-related accounts, turning on two-factor authentication, and monitoring your email for suspicious messages.

You should also check whether your email address has appeared in other known breaches using a service like HaveIBeenPwned.

Final Thoughts

Lapsus$ remains one of the most active English-speaking cybercrime groups alongside Scattered Spider and ShinyHunters, according to a recent Resecurity report.

While this particular Adidas data breach may be exaggerated, the threat from these organizations is very real. Consumers and businesses alike need to stay alert and protect their personal information before the next attack hits.

For more details on this story, refer to the report from Cybernews.

We want to know your thoughts. What do you think about this story? Let us know in the comment section below!

Be sure to stay up-to-date with the latest streaming news, reviews, tips, and more by following the TROYPOINT Advisor with updates weekly.