Adidas warned late on Thursday that hackers may have lifted customer data from its US website.
The sportswear maker said personal data, including contact information (addresses and email addresses), and encrypted passwords may have fallen into the hands of criminals, but was able to reassure customers that neither financial nor fitness information was at risk.
"According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords," it said. "adidas has no reason to believe that any credit card or fitness information of those consumers was impacted."
The company has notified law enforcement and brought in experts to help investigate the breach, which Adidas said it became aware of on 26 June after claims by "an unauthorized party", implying the breach was only detected once hackers attempted to sell the data.
Adidas said it is alerting affected customers.
This leaves an as-yet-unspecified number of customers at heightened risk of unusually convincing phishing emails. Extra vigilance and changing passwords is advisable. Only consumers who made purchases through adidas.com/US are thought to be affected.
When asked to comment on the root cause of the breach or the number of records potentially exposed, Adidas told The Register: "At this time we have no information to share beyond what is in our statement." ®