JD Sports Cyber-Attack Affects Data Of 10 Million Customers

Retail group JD Sports said personal information on some 10 million of its customers may have been accessed as the result of a cyber-attack.

The company said the breach affected some online orders placed by customers between November 2018 and October 2020 from its JD, Size?, Millets, Blacks, Scotts and Millets Sport brands.

The company said it has notified the Information Commissioner’s Office and is contacting affected customers.

JD Sports chief financial officer Neil Greenhalgh said the apologised to affected customers.

‘Be vigilant’

“We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these,” he said.

The data that may have been accessed by hackers includes names, billing and delivery addresses, phone numbers, order details and the final four digits of payment cards for “approximately 10 million unique customers”.

But JD Sports said the data affected was “limited” as it does not hold full payment data. It said it had “no reason to believe” that account passwords were accessed.

The firm said it was taking the “necessary immediate steps” to investigate and respond in collaboration with cybersecurity experts.

Fraud risk

It warned users to be aware of potential fraud and phishing attacks and to “be on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands”.

“We are continuing with a full review of our cybersecurity in partnership with external specialists following this incident,” Greenhalgh said. “Protecting the data of our customers is an absolute priority for JD.”

The attack follows a ransomware attack on Royal Mail earlier this month that left it unable to process international parcel and letter deliveries.