Adidas AG is the latest company to come under attack from cyber-thieves looking to steal personal information, with millions of customers potentially at risk.

The athletic-wear company alerted customers on Thursday June 28 about a possible data breach on its U.S. website. A preliminary investigation found the leaked data includes contact information, usernames and encrypted passwords, the company said in a statement. Adidas said it does not believe any credit card or health and fitness information was compromised.

“We are alerting certain consumers who purchased on adidas.com/US about a potential data security incident. At this time this is a few million consumers,” a spokeswoman said in an email.

The disclosure marks the latest in a series of data breaches at major companies across a broad swath of industries, including retailers Hudson’s Bay Co. and Under Armour Inc., aerospace giant Boeing Co., airlines like Delta Air Lines Inc. and natural gas pipelines and electric utilities.

The company said it found out about the problem on Tuesday June 26, when “an unauthorized party” claimed to have acquired some of its consumer data. Adidas is in the process of conducting a forensic review and is alerting customers it believes could be affected