Adidas AG divulged late Thursday that an “unauthorized party” appears to have gained access to its systems and stolen the account details of online shoppers.

The sportswear company told the Wall Street Journal that a few million customers are believed to be affected. Adidas shared more details in a statement, saying that a preliminary investigation showed the stolen information included contact information, usernames and encrypted passwords but no payment details or fitness data.

The company also found that the attack was limited to its U.S. site. This means that international shoppers can probably breathe a sigh of relief for now,  but there’s a chance the scope of the breach may prove to be bigger than initially thought as the investigation progresses. Adidas said that it only became aware of the incident on Tuesday.

“Adidas immediately began taking steps to determine the scope of the issue and to alert relevant consumers,” the company’s statement read. “Adidas is working with leading data security firms and law enforcement authorities to investigate the issue.”

The incident adds to the already lengthy list of high-profile breaches that have been reported so far this year. Just this week, the mobile security firm Appthority reported that thousands of apps are exposing more than 113 gigabytess of data via over 2,271 misconfigured Firebase databases, the Google service that developers use to create mobile apps.

Just a few days ago, the U.K. division of ticketing giant Ticketmaster Entertainment Inc. revealed that a malware infection compromised data belonging to nearly five percent of its user base. According to the company, customers’ names and payment details were among the stolen records.

Ticketmaster blamed the breach on a vulnerable third party support tool. It’s the second such incident in as many months that has been pinned on a security issue at an external support provider. In April, Delta Air Lines Inc. and Sears Holding Corp. disclosed that hundreds of thousands of their customers have had their data exposed in a cyberattack against [24]7.ai Inc., a contact center solutions provider.

Image: Adidas