Latest news with #Marks&Spencer

Adidas confirms data breach, customer contact information exposed

Fashion United

13 hours ago

Business
Fashion United

Adidas confirms data breach, customer contact information exposed

Adidas has confirmed a cybersecurity breach in which unauthorized actors accessed personal data belonging to customers who had previously contacted the company's customer service. The compromised information primarily includes names, phone numbers, and email addresses. The sportswear giant emphasized that no passwords, credit card details, or other payment-related data were affected. The breach occurred through a third-party customer support provider, according to an official statement. Upon discovering the incident, Adidas said it promptly took steps to contain the breach, launched a full-scale investigation with the support of cybersecurity experts, and began notifying affected individuals, as well as regulatory and law enforcement authorities, in line with legal obligations. "We remain fully committed to protecting the privacy and security of our consumers and sincerely regret any inconvenience or concern caused by this incident," the company said. Consumer advocacy group Which? urged customers to be vigilant, recommending they monitor their financial accounts and credit reports for unusual activity. The group also warned that scammers might attempt to exploit the breach by posing as Adidas representatives through unsolicited emails, calls, or social media messages. The Adidas incident follows a wave of cyberattacks on major retailers including Marks & Spencer, Co-op, and Harrods. While recent attacks have been linked to the English-speaking hacking group known as Scattered Spider, there is currently no indication that Adidas's breach is related. Despite the breach, Adidas reported no operational disruptions and continues to implement enhanced security measures to safeguard its consumer data.(DPA)

Adidas is latest cyberattack victim with shoppers' data stolen

Metro

16 hours ago

Business
Metro

Adidas is latest cyberattack victim with shoppers' data stolen

Adidas has been hacked, with customers' personal information stolen in a cyber attack. The sportswear giant said criminals stole 'mainly' contact information of people who have dealt with its customer service desk. So if you bought trainers or sports bras recently and had any questions about them, you might have been targeted. A spokesperson said the incident 'has no operational impact', and that they are in process of informing anyone who might have been affected. Passwords, credit card information and payments-related data were not affected by the breach, the company said. The Adidas hack comes after Marks & Spencer, Co-op and Harrods faced massive disruption in recent weeks following cyber attacks. Marks & Spencer said last week that the hack would cost it about £300 million after being targeted around the Easter weekend. Online shopping is still not available on its website, despite it now being over a month since the hack was made public. A statement on the Adidas website said: 'Adidas recently became aware that an unauthorised external party obtained certain consumer data through a third-party customer service provider. 'We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts. 'The affected data does not contain passwords, credit card or any other payment-related information. 'It mainly consists of contact information relating to consumers who had contacted our customer service help desk in the past. 'Adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law. More Trending 'We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident.' News of the hack comes weeks after Greece filed a lawsuit against Adidas over what appeared to be a drone light show advertising the sports brand over the fifth-century BC Acropolis. Footage shared on social media shows a light show of drones forming a shoe above the ancient Athens citadel. Adidas's three-stripe logo, along with the words 'Feel Fast', were also displayed. Greece's Culture Minister Lina Mendoni said the show used the Acropolis for commercial purposes, in breach of a national law. She said it took place without approval from the Culture Ministry. Get in touch with our news team by emailing us at webnews@ For more stories like this, check our news page. MORE: Moment 'drug driver' is dragged from car after Liverpool fans struck in parade MORE: British pensioner, 79, 'caught with five kilos of methamphetamine' at airport in Chile MORE: Man 'cooked his Chihuahua puppy to death in oven because it wouldn't stop barking'

Siddharth Pai: Arm employees against sophisticated cyberattacks

Mint

16 hours ago

Business
Mint

Siddharth Pai: Arm employees against sophisticated cyberattacks

The internet can be more dangerous than even the roughest part of a big city. Consider this: Over the Easter weekend, British retailer Marks & Spencer (M&S) fell victim to a cyberattack that proved not only costly in financial but also reputational terms. It stemmed not from a failure of firewalls or malware detection tools, but AI-enabled social engineering. A hacker group known as Scattered Spider is being probed for breaching M&S's systems through a third-party IT services contractor. The attackers may have used impersonation techniques to gain unauthorized access to internal systems, resulting in leaked customer data, operational disruptions and an estimated financial hit of over £400 million. Also Read: Rahul Matthan: Brace for a wave of AI-enabled criminal enterprise It underscores an increasingly common theme in today's cybersecurity breaches: the exploiting of humans, rather than hardware or software. Cyber-safety is no longer just a technical issue to be left to the IT department; it's a human issue, deeply embedded in behaviour, awareness and preparedness. Human resource training is a pressing challenge in today's context. Organizations are facing an onslaught of evolving cyber threats—ransomware attacks, phishing scams, deepfake impersonations, credential stuffing and more. These don't merely target infrastructure, but also people. Employees get emails from attackers posing as executives, vendors or even co-workers. They're tricked into clicking malicious links, giving away login credentials or transferring money to fake accounts. So the front-line isn't the server room, but everyone's inbox. M&S wasn't alone. Around the same time, Peter Green Chilled, a logistics supplier for major supermarkets, was hit by a ransomware demand that disrupted its ability to deliver fresh goods—a classic example of how lapses can ripple across supply chains. In each case, the technical sophistication of the attack was significant, but what often allowed entry was an older vulnerability: human error, complacency or ignorance. That's where training comes in. However, unlike other workplace modules like those for code compliance or harassment awareness, cybersecurity training poses unique challenges. For one, the threat landscape evolves constantly. Techniques that were cutting-edge six months ago may be obsolete now. Social engineering tactics are increasing as attackers study employee behaviour to refine their methods even as training modules struggle to keep pace. Also Read: Dodgy aides: What can we do about AI models that defy humans? Then there's an engagement problem. Most employees don't exactly look forward to such training. The mere mention conjures images of outdated videos, multiple-choice quizzes and unrelatable jargon. For behaviour change, the content must be engaging, memorable and relevant to people's day-to-day roles. Trained users are 30% less likely to fall for phishing attempts ( Gamification may work. If employees are challenged to identify phishing emails in a simulated inbox, or compete in cybersecurity 'escape rooms' that require them to solve puzzles based on real threats, they are far likelier to remember the lessons. Interactive storytelling and incentives could work. Case studies, like M&S's, could be used. Another solution is adaptive learning. Tools powered by large language models, such as Gen AI-based systems, can tailor training material to an employee's role, learning pace and previous performance. A marketing executive who frequently handles customer data might need a different module from a warehouse supervisor. Likewise, training systems can use natural language interactions as learning chats. This would not only enhance comprehension but also facilitate continuous reinforcement. However, designing and implementing such training programs isn't solely the responsibility of the IT department. All departments must join hands, with HR embedding cyber awareness into the cultural fabric of the organization and fostering a mindset where everyone makes safety part of their job. When employees understand that a single careless click can cause multimillion-pound damage, as in the case of M&S, they're more likely to internalize the lessons. To sustain cybersecurity training, it should be embedded into everyday workflows. Micro-learning modules, brief but frequent sessions delivered via mobile devices or placed in productivity platforms, can reinforce knowledge incrementally. These modules could be triggered contextually—for example, providing a phishing refresher right after an employee forwards a suspicious email. Over time, such nudge-based training would build everyone's muscle memory, turning caution into instinct. Also Read: Rahul Matthan: Don't let data privacy safeguards work against us The stakes could not be higher. Over 80% of the world's largest organizations report at least one major breach a year. It's not just about firewalls and antivirus software anymore; it's about employees in coffee shops, on personal devices, at home networks and in third-party vendor offices. That reality demands that HR development evolve beyond compliance checklists and become an active, dynamic component of the organization's cybersecurity strategy. Ultimately, the best defence an organization can build is not a piece of software, but a culture—one where every employee acts as a guardian of data and systems. It demands well-designed, engaging and adaptive training efforts that keep pace with the adversaries we face. In the game of cybersecurity, humans aren't just a vulnerability—they're also the solution. The author is co-founder of Siana Capital, a venture fund manager.

Dubai's Retail Scene Set for Major Boost with Three-Day Mega Sale

Arabian Post

17 hours ago

Business
Arabian Post

Dubai's Retail Scene Set for Major Boost with Three-Day Mega Sale

Dubai is gearing up for its largest shopping event of the year, as the Three-Day Super Sale returns from May 30 to June 1, offering discounts of up to 90% across more than 2,500 outlets and over 500 brands citywide. The event, strategically timed ahead of Eid Al Adha, is expected to draw significant footfall from both residents and tourists seeking value-driven purchases. Organised by the Dubai Festivals and Retail Establishment , the biannual sale encompasses a broad spectrum of products, including fashion, electronics, homeware, beauty, and groceries. Prominent brands such as IKEA, Marks & Spencer, Sephora, Sharaf DG, and Damas are participating, with substantial markdowns anticipated. Key shopping destinations like Mall of the Emirates, Dubai Mall, City Centre Deira, and Ibn Battuta Mall are among the venues hosting the sale. Additionally, Dubai Festival City Mall is offering a 10% cashback on purchases of AED 1,000 or more, with an increased cashback of 12.5% for BLUE rewards members. ADVERTISEMENT The timing of the sale aligns with the upcoming Eid Al Adha festivities, providing shoppers an opportunity to prepare for the holiday season. Families, who often spend up to AED 4,000 on Eid shopping, are expected to benefit significantly from the discounts. Retailers are optimistic about the event's impact on sales and customer engagement. The 3DSS has historically led to a substantial increase in consumer spending, with some outlets reporting a 200% surge during the sale period. Shoppers are advised to plan their visits strategically to avoid peak hours and ensure a more comfortable shopping experience. Early morning visits are recommended to secure the best deals and avoid large crowds.

Adidas Says Cyber Attack Targeted Customers' Personal Information, Credit Card Data Marked ‘Safe' From Breach

Yahoo

a day ago

Business
Yahoo

Adidas Says Cyber Attack Targeted Customers' Personal Information, Credit Card Data Marked ‘Safe' From Breach

Adidas is the latest retailer to fall victim to a cyberattack. The German sportswear brand said on Friday that an unauthorized external party obtained certain consumer data through a third-party customer service provider.' The company said on its website that it immediately took steps to 'contain the incident.' It also launched a comprehensive probe on the matter and is collaborating with leading information security experts. More from WWD China Insight: Will China's Cultural Tourism Boom Power Fashion's Next Growth Engine? The Adidas Samba Is Getting Zipped Up by Longtime Collaborator Jeremy Scott Steve Madden Claims 'Adidas Does Not Own All Stripes' in New Lawsuit Adidas emphasized that affected data 'does not contain passwords, credit cards or any other payment-related information.' The accessed information was centered on contact information of consumers who had contacted the brand's customer service help desk in the past. The company said it is in the process of notifying potentially impacted consumers, as well as appropriate data protection and law enforcement authorities. 'We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident,' the company said in a statement. Adidas did not indicate the number of consumers who were potentially exposed to the cyberattack. Data breaches have been around for years. The largest were the Yahoo data breaches in 2013 and 2014, involving over 3 billion user accounts. In 2013, American mass discounter Target Corp. suffered a breach that compromised 40 million credit and debit card records—and 70 million customer records—when hackers gained access to the point-of-sale (POS) systems of one of the retailer's vendors during the holiday season. It was a costly one for the discounter as it determined that the total cost of breach was $202 million, including the $18.5 million it paid in a multi-state settlement and the loss of sales as wary customers in the aftermath elected to shop elsewhere. A cyberattack in 2023 involving personally identifiable information of customers impacted 35 million customers of apparel giant VF Corp. That same year, 10 million JD Sports customers had their information stolen, which included the last four digits of their credit cards that were used for payment. Earlier this month, Harrods, Marks & Spencer and the Co-op Group in the U.K. have seen hackers targeting their online operations. Harrods took proactive steps to keep certain systems safe, including restricting internet access at its sites. 'We are really sorry that we've not been able to offer you the service you expect from M&S over the last week. We are working day and night to manage the current cyber incident and [to] get things back to normal for you as quickly as possible,' said Stuart Machin, Marks & Spencer's chief executive officer, adding that stores were open heading into the bank holiday weekend on May 5. Also in May, Dior confirmed that it was impacted by a data breach involving its Chinese customer base. The LVMH Moët Hennessy Louis Vuitton-owned brand discovered that on May 7, an unauthorized external individual had stolen certain customer data, but not any financial information such as bank account or payment card numbers. 'The teams at Dior, supported by leading cybersecurity experts, continue to investigate and respond to the incident,' wrote a Dior spokesperson in an email. A report from KnowBe4 in March said there is a 56 percent spike in retail cyberattacks driven by phishing and AI. 'This puts retail in the top five industries targeted by cybercriminals,' the report said. It noted that the average cost of a single retail data breach 'reached $3.48 million in 2024,' representing an 18 percent increase from 2023. The greatest threat now involves 'credential harvesting,' where personal information is stolen. The report said that credential harvesting is now the predominant threat, accounting for 38 percent of all compromised data in 2023, while payment card data theft fell to 25 percent. Stolen credentials are preferred because they provide immediate access to personal accounts, bypassing security measures. Retailers typically keep a record of their customers' past purchasing information and tracking data on where packages are sent. Best of WWD All the Retailers That Nike Left and Then Went Back Mikey Madison's Elegant Red Carpet Shoe Style [PHOTOS] Julia Fox's Sleekest and Boldest Shoe Looks Over the Years [Photos]