Adidas have suffered a security breach that may have put some of its customers’ data at risk. The company said that an “unauthorized party” said it had gained access to customer data on Adidas’ US website. Currently, it believes only customers who shopped on and purchased items from the US version of Adidas.com may have been affected by the breach. IT security experts commented below.
Javvad Malik, Security Advocate at AlienVault:
“The Adidas breach highlights two unfortunate trends. Firstly, that the company was apparently made aware of the breach through an unauthorised third party which claimed to have access to its customer details. It reinforces the need to have strong monitoring and threat detection controls in place so that enterprises can detect breaches themselves in a timely manner.
Secondly, without having monitoring controls in place, a company cannot say with certainty whether the claim of a breach is true or not. This leads to any malicious party being able to claim that they have breached a company, even if they haven’t, leading to unnecessary activity needing to be undertaken by the company and its customers, not to mention the potential lack of trust this creates.”
David Ross, VP of Research at SecureAuth + Core Security:
“Retailers will continue to be prime targets for attackers due to the valuable nature of personal and payment data they hold. Retailers have a responsibility to keep consumers’ personal information safe and implement measures that detect and mitigate these types of attacks. Yet, despite increased spending on cybersecurity capabilities, breaches still continue to rise. Far too often, we see organisations creating “security silos” by approaching network and endpoint security separately from identity management initiatives, which limits their ability to mitigate risks and detect breaches.
“Customers who have shared contact information including addresses, email addresses, and login information, should immediately reset passwords on other accounts where they may have reused the same password. They should also be vigilant to help mitigate the potential effects of identity theft.
“With 81 percent of data breaches attributed to attackers walking through the front door with stolen credentials, breaches where login information is stolen can have an equal negative impact on businesses as they do on consumers. Retailers should employ identity and access management solutions that provides the strongest protection while balancing a frictionless user experience.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.