Sports goods manufacturer Adidas has revealed a data breach on its US website. According to the official press release, the company first became aware of the incident on Tuesday, June 26, when it came to know that an unauthorized party was claiming to have acquired the details of some Adidas customers. On learning about the incident, the company says it “immediately began taking steps to determine the scope of the issue and to alert relevant consumers”.

The company further says that it is “committed to the privacy and security of its consumers’ personal data”, and is “working with leading data security firms and law enforcement authorities to investigate the issue”. The company also said that it believes only a relatively limited amount of data has been compromised by the incident

“According to the preliminary investigations, the limited data includes contact information, usernames and encrypted passwords”, says the press release. In what must come as a big relief to customers, the company further states that there’s no reason to believe “that any credit card or fitness information of those consumers was impacted”.

It’s worth noting here that even though Adidas initially didn’t give out any numbers about the number of affected customers, Bloomberg is quoting an official spokeswoman to report that “a few million consumers” may have been impacted by the incident. According to the spokeswoman, “We are alerting certain consumers who purchased on adidas.com/US about a potential data security incident. At this time this is a few million consumers”.

It isn’t immediately known what method was employed by the hackers to break into the Adidas database, but the company is now the second major sports goods manufacturer to have suffered a data breach this year after Under Armour last March revealed that as many as 150 million users of its MyFitnessPal app might have been impacted by a massive security breach.