Dark Web Digest – Retail Giants Hit by Cyberattacks – M&S, Adidas, and Dior Data Breaches Expose Millions

📣 Special Edition: Dark Web Digest

We’re dropping this edition ahead of schedule – and for good reason.

With major retail giants like Marks & Spencer (M&S), Adidas, and Dior recently hit by high-impact cyberattacks, we felt it was important to get this to you now, while the news is still unfolding and relevant.

These breaches have exposed millions of customers’ personal data and disrupted business operations, reminding us yet again how vulnerable even the biggest brands are to cyber threats.

In this special edition, we’re breaking down what happened, what it means for you, and what steps you can take to protect your information, especially if you’ve shopped with any of these brands recently.

Let’s get into it.

This Week’s Spotlight: Major Retail Data Breaches

• Marks & Spencer (M&S): A cyberattack led to the exposure of customer data and significant supply chain disruptions, resulting in an estimated £300 million profit loss. 
• Adidas: Separate breaches in Turkey and South Korea compromised customer information, including names, contact details, and dates of birth. 
• Dior: An unauthorized access incident exposed customer contact information and purchase histories, though financial data remained secure. 
• Protect Yourself: Utilize tools like PureVPN’s Dark Web Exposure Scan to check if your data has been compromised and take proactive measures to secure your information.

Detailed Overview of the Breaches

1. Marks & Spencer (M&S)

Incident Overview: In April 2025, M&S experienced a cyberattack attributed to the hacking group “Scattered Spider,” leading to substantial operational disruptions and consumers’ personal data being leaked. 

It is reported that M&S is still struggling to restore its systems nearly a month after the attack, as its online ordering system is in shambles. In a latest website update, it admitted that some customer data had been stolen in the attack, prompting a customer-wide password reset.

Data Compromised: Personal customer data, including names, addresses, phone numbers, email addresses, dates of birth, and online order histories. While M&S stressed that no payment details, bank card information, or account passwords were compromised, and no report of the stolen data has been shared, concerns persist over the potential for fraud.

Impact: The attack resulted in a projected £300 million loss in operating profits, with online operations halted and supply chains disrupted. 

Moreover, since customers’ dates of birth, contact details, and online purchase histories have been accessed and could be used in phishing attacks, the company has now been hit with a class action lawsuit. 

Reportedly, Thompsons Solicitors, a Scottish law firm, is filing a claim against M&S, accusing the company of failing to adequately protect customer data and thereby exposing shoppers to potential scams.

Cause: The hackers allegedly gained access to the retailer’s systems by using the login credentials of two employees from a third-party business partner, Tata Consultancy Services (TCS).

2. Adidas

Adidas faced two separate data breaches:

• Adidas Türkiye: It has announced a data breach that exposed the personal information of some of its customers to unauthorized parties. The company has confirmed unauthorized access to its systems, which exposed customer details.
  
  Reportedly, personal customer details such as names, email addresses, phone numbers, dates of birth, and other information were impacted by what looks like a hacker attack.
  
• Adidas Korea: The company reportedly confirmed a security breach affecting customer data, marking the second major incident in the fashion industry targeting South Korean consumers. 

The breach involved unauthorized access via a third-party customer service provider, compromising customers’ personal information who had contacted their service centers.

According to reports, the compromised data includes customer names, email addresses, phone numbers, and in some cases, birthdates and physical addresses.

Data Compromised: Sensitive customer information has been compromised, which increases the risk of cyberattacks. Attackers can utilize the stolen information for identity theft and targeted phishing attacks.

Impact: The breaches exposed personal data of customers who interacted with Adidas’s customer service centers, raising concerns over data handling practices. In both cases, the company reportedly stressed that financial information and credit card data were not impacted during the systems breach.

Cause: Both hacks were conducted by gaining unauthorized access through third-party customer service providers.

3. Dior

Incident Overview: Reportedly, on May 7, 2025, Dior discovered unauthorized access to its customer database, affecting clients in Asia.

Data Compromised: Personal details such as full names, gender, email addresses, postal addresses, phone numbers, purchase history, and customer preferences. 

Impact: While no financial data was compromised, the breach highlighted vulnerabilities in managing customer relationship data.

Response: Dior promptly engaged cybersecurity experts, notified affected customers, and is cooperating with regulatory authorities.

Why You Should Be Concerned

These breaches illustrate the escalating threats facing the retail sector, where vast amounts of customer data are at risk. 

Cybercriminals exploit vulnerabilities in third-party systems and human errors, leading to significant financial and reputational damage. As consumers, the exposure of personal information can result in identity theft, phishing attacks, and unauthorized transactions.

How to Stay Safe

If you’re looking for ways to protect your data and keep yourself ahead of dark web threats, here are some steps that you can follow:

Check If Your Data Is on the Dark Web

You can visit PureVPN’s free Dark Web Exposure Scan (also linked above) to determine if your email address has been found in a data breach. In just 30 seconds, you can discover:

• Breach Severity: Assess the criticality of the breach.
• Recency of Exposure: Identify how recently your data was compromised.
• Number of Breaches Detected: Understand the extent of your data exposure.

Being informed is the first step toward safeguarding your digital identity.

Additional Protective Measures

• Monitor Financial Statements: Regularly review bank and credit card statements for unauthorized transactions.
• Check Credit Reports: Obtain credit reports to detect unfamiliar accounts or activities.
• Be Vigilant for Phishing Attempts: Exercise caution with unsolicited communications requesting personal information.
• Use Strong, Unique Passwords: Avoid reusing passwords across multiple accounts.
• Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts.
• Regularly Update Software: Ensure all devices and applications have the latest security patches.
• Invest in Cybersecurity Solutions: Consider using VPNs, antivirus software, and identity theft monitoring services.

What’s Next?

The M&S, Adidas, and Dior breaches serve as a stark reminder: no brand is too big to be breached. Cybersecurity is no longer optional – it’s essential.

While companies must do more to safeguard their systems, consumers must also take responsibility for their digital hygiene.

Stay alert, stay protected, and take charge of your digital and personal security.

Note: The information provided in this report is based on publicly available sources as of May 23, 2025. For the most current updates, please refer to official statements and cybersecurity news outlets.