On May 23rd, adidas confirmed a cyber attack that exposed the personal data of customers who had contacted its help desk. The breach occurred through unauthorised access to a third-party customer service provider, making Adidas the latest in a growing list of major retailers hit by supply chain-related cybersecurity incidents.
What we know so far
- The breach involved consumer contact information, but no financial data has been reported as compromised.
- adidas stated: “We remain fully committed to protecting the privacy and security of our customers and sincerely regret any inconvenience or concern caused by this incident.”
- The company has launched an investigation with external parties and is notifying affected customers, data protection authorities and law enforcement.
Expert insight: supply chain vulnerabilities on the rise
“In 2025, we’re seeing a sharp rise in supply chain vulnerabilities, driven by the rapid digitisation of operations, increased reliance on third-party vendors and the growing complexity of global logistics networks.
Cybercriminals are capitalising on these weaknesses, launching sophisticated attacks that exploit gaps in vendor security, software dependencies, and real-time data exchanges.
The convergence of operational technology (OT) and IT systems has further widened the attack surface, making traditional perimeter-based defences obsolete.
At CSG, we’re urging organisations to adopt a zero-trust mindset, enhance visibility across their entire supply chain, and invest in continuous monitoring and threat intelligence to stay ahead of these evolving threats.” – Matthew Bater, managing director at Computer Services Group (CSG).
This breach underscores a critical truth: even if your internal systems are secure, your third-party vendors might not be – and that can put your customers at risk.
At CSG, we simplify the management of third-party IT vendors by offering a fully managed service that gives you a single, dedicated point of contact for all your technology needs.
Outsourcing vendor management is a strategic advantage, but with third-party providers often being the weakest link in cybersecurity, it’s also a critical risk area. That’s why our service goes beyond coordination – CSG actively monitor, assesses and ensures that every vendor in your supply chain adheres to strict security standards.
This means you can focus on your core business, confident that your external partners are not introducing vulnerabilities or exposing you to potential breaches.
How CSG helps your business stay secure
At CSG, we understand that cybersecurity isn’t just about protecting your own systems, it’s about securing your entire digital infrastructure. Here’s how we help businesses like yours avoid becoming the next headline:
1. Third-party risk assessments
We evaluate the security posture of your vendors and partners to ensure they meet your standards—before they become a liability.
2. 24/7 threat monitoring
Our managed security services detect and respond to threats in real time, so you’re never caught off guard.
3. Zero trust architecture
We help implement a zero trust model, ensuring that no user or system – internal or external – is trusted by default.
“At CSG, we take the complexity out of managing third-party IT vendors by offering a fully managed service that gives you a single, dedicated point of contact.
Organisations face constant pressure to reduce costs, boost revenue, and stay competitive – outsourcing vendor management has become the strategic way to do this. But with third-party providers often being the weakest link in cybersecurity, it’s also a critical risk area.
That’s why our service goes beyond coordination – we actively monitor, assess and ensure that every vendor in your supply chain follows strict security standards.
This means you can focus on your core business, confident that your external partners are not introducing vulnerabilities or exposing you to potential breaches.” – Rhodri Griffiths, technical solutions architect at Computer Services Group (CSG).
4. Incident response planning
If something does go wrong, we help you respond quickly and effectively, minimising damage and restoring trust.
5. Employee awareness training
We equip your team with the knowledge to spot phishing, vishing, and social engineering attempts, especially during high-risk periods like holidays.
End users are the most vulnerable and targeted users in all organisations. They are constantly harassed with new phishing schemes in the hope that one of these attacks will be successful.
Our continuous and intelligent system allows user training to cover the most recent threat tactics using real-life templates, and scenarios of which they could come across a dodgy link. This ensures all users are up to date, prepared and aware of any possible dimension of an attack.
Take advantage of our collection of more than 30 security awareness training modules, covering both security and compliance topics. Learn more about our training offerings.
