The news: Adidas is the latest retailer to fall victim to a cyberattack.

• The company disclosed that criminals accessed “certain consumer data,” though the breach did not include passwords, credit card numbers, or other payment-related information.
• Most of those affected had previously contacted Adidas’ customer service help desk.

The context: The incident underscores a broader and growing threat: Cyberattacks are increasingly targeting the retail sector.

• In 2024 alone, retailers faced 837 attempted cyberattacks—a 15% YoY increase—according to Verizon’s latest Data Breach Investigations Report. Half of those attempts resulted in data breaches. While only 12% involved payment information, the frequency and success rate of these attacks signal mounting risks for the industry.
• Recent high-profile breaches illustrate the scale of the problem. UK retailers Marks & Spencer, Harrods, and Co-op have all recently been hit, while last year’s cyberattack on Advance Auto Parts exposed the personal data of more than 2.3 million people.
• The financial toll is significant. Marks & Spencer recently announced that the April cyberattack it suffered will slash approximately £300 million ($405 million) from its group operating profits. The breach disrupted food sales due to reduced product availability and forced the company to temporarily curtail online shopping services—dragging down ecommerce sales and trading profits across key categories like fashion, home, and beauty.

Our take: Cyberattacks are always costly and disruptive, but they’re especially damaging in the current climate. With tariffs squeezing margins and economic uncertainty prompting consumers to pull back, retailers are under significant pressure.

A single breach can quickly snowball—upending operations, eroding consumer trust, and driving shoppers to rivals. In a hyper-competitive market, even a short disruption or loss of confidence can have long-lasting consequences on brand loyalty and the bottom line.