Sportswear giant JD Sports – the firm behind the JD, Size?, Millets, Blacks, Scotts and MilletSport brands – has fessed up to a major cyber attack on its group database, admitting that the personal data of 10 million customers might be at risk.
The company said information included names, addresses, email accounts, phone numbers, order details and the final four digits of bank cards, relating to online orders between November 2018 and October 2020.
The attack related to online orders placed for with all brands and it is understood it was detected by the company in recent days.
JD Sports said it was contacting affected customers, although it insists the breach was “limited”, claiming it did not hold full payment card details and did not believe that account passwords were accessed by the hackers.
JD Sports chief financial officer Neil Greenhalgh commented: “We want to apologise to those customers who may have been affected by this incident. Protecting the data of our customers is an absolute priority for JD.”
The company said it was working with “leading cyber security experts” and had reported the incident to the UK’s Information Commissioner’s Office.
Greenhalgh said affected customers were being advised “to be vigilant about potential scam emails, calls and texts”.
It is not known whether the incident is a ransomware attack.
Royal Mail is still suffering the after-effects of its attack which started on January 10. Last week, the firm renewed a call to firms not to post new items to overseas destinations.
However, the company insisted that international deliveries of letters and parcels are now getting back on track and it is starting to clear the backlog after implementing a workaround, which has enabled the organisation to mitigate the impact of the attack.
Firms suffer as Royal Mail fails to lift block on new post
Royal Mail still crippled as attack enters the fifth day
Hack attack rocks Royal Mail international services
Tech security staffer gets 5 years for ransomware spree
Wakey, wakey: Data breaches cost UK firms £4bn a year
Under siege: Marketers’ favourite password is ‘123456’