back to article Adidas US breach may have exposed millions of customers' personal info

Adidas warned late on Thursday that hackers may have lifted customer data from its US website. The sportswear maker said personal data, including contact information (addresses and email addresses), and encrypted passwords may have fallen into the hands of criminals, but was able to reassure customers that neither financial …

  1. Anonymous Coward
    Anonymous Coward

    A US Breach

    Keen to point out this excludes them from a GDPR mauling

    1. Phalanx

      Re: A US Breach

      It doesn't if EU individuals' data has been breached.

    2. Tom Paine

      Re: A US Breach

      Er, no it doesn't. Not if there are EU residents' PII in those databases. (Note: _residents_, not citizens. An American citizen with a US passport working in the UK is covered by GDPR. IANAL, if you get your advice from commentards you deserve anything you get, but that's my understanding anyway... )

  2. Blockchain commentard

    Why did they store email addresses/passwords in one place and useful info like credit cards in (presumably) another database? Haven't they heard of normalisation?

    1. Doctor Syntax Silver badge

      "Why did they store email addresses/passwords in one place and useful info like credit cards in (presumably) another database?"

      Because they're keeping the most sensitive stuff separate. Normalisation is one thing, security is another.

    2. Anonymous Coward
      Anonymous Coward

      > Haven't they heard of normalisation?

      Have you heard of PCI DSS?

    3. a_yank_lurker Silver badge

      "Why did they store email addresses/passwords in one place and useful info like credit cards in (presumably) another database? Haven't they heard of normalisation?"

      Normalization is database design paradigm. Also, they may have normalized the database and split the data into separate tables for security purposes. Normalization does not mean all the data that is common to an entity must be in the same table; it just means that data is not duplicated between tables. So splitting the data up for an entity between different tables may be done for a variety of reasons including security.

    4. Anonymous Coward
      Anonymous Coward

      One reason to do denormalization is speed. If many/most of my reports do not require the credit card fields, you don't' drag them into memory. The security aspect is also there, especially if you have those fields encrypted to begin with and you should damned well have them encrypted even to the dBA's and dBE's.

  3. Tinslave_the_Barelegged

    Fab sub-head, ElReg

    Better than the alternative "Come quietly, you've been Niked"

  4. scrubber

    Shoe sizes available online

    Should make the Prince's search from Cinderella quite a bit easier.

  5. Jay Lenovo
    Trollface

    Running joke

    They should have secured that data in a "Footlocker"

  6. Will Godfrey Silver badge
    Unhappy

    News?

    At this rate it will be news when we go an entire month without a breach being reported.

    1. Doctor Syntax Silver badge
      Unhappy

      Re: News?

      "At this rate it will be news when we go an entire month without a breach being reported."

      When there are so few left intact that it's not worth the effort of going after them.

    2. Anonymous Coward
      Anonymous Coward

      Re: News?

      month....? maybe a week?

  7. spold Silver badge
    FAIL

    ADIDAS...

    All Day I Dream About Security

  8. Ken Moorhouse Silver badge

    They didn't realise that the internet...

    ...cannot be connected to their sneakernet.

  9. MachDiamond Silver badge

    eTailers

    So, tell me again how shopping online is so much better than visiting a store and paying in cash.

    1. Anonymous Coward
      Anonymous Coward

      Re: eTailers

      In my case, housebound as I am, online shopping is worth the hassles. There's even more time, money, and aggravation just trying to get to one store during the month let alone all the others.

    2. Ken Moorhouse Silver badge

      Re: So, tell me again...

      Depends on whose credit card you're using...

  10. Stoneshop Silver badge
    Holmes

    The company has notified law enforcement and brought in experts

    Gumshoes among them?

  11. Anonymous Coward
    Anonymous Coward

    At least...

    ...it hasn't sparked the war on pronunciation.

    A-dee-das

    Versus

    Ad-ee-das

    1. Aqua Marina

      Re: At least...

      Ad-i-das

      Where the i sounds as it does in “is”

      At lease it was at my school. And Nike was pronounced like “Mike”, none of this Nik-ee rubbish.

      1. Anonymous Coward
        Anonymous Coward

        Re: At least...

        Adidas is named after Adi Dassler, the founder. Adi, Not Adee

        Nike is named after the goddess of victory, and is pronounced Ni-key

        I'll get my coat.

  12. Anonymous Coward
    Anonymous Coward

    I have a feeling...

    that when companies say that breached passwords were encrypted they mean:

    cGFzc3dvcmQ=

  13. Anonymous Coward
    Anonymous Coward

    In my experience...

    This will lead to massive spam from companies who buy this stolen data in addition to possible new fraudulent credit card accts. being opened and many more headaches. Companies who are negligent in protecting customer data should be held accountable both financially and criminally. You can bet if CEOs get sent to prison for 5+ years for their negligence, security will be taken much more seriously.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021