JD Sports cyberattack exposes data of 10m people

The sportswear retailer JD Sports disclosed a cyberattack that involves the data of 10 million customers, whose personal and financial information might have been accessed by threat actors.

The attack affected those who placed their orders for the JD, Size?, Millets, Blacks, Scotts, and MilletSport brands between November 2018 and October 2020 – an estimated “10 million unique customers.”

According to the company, the potentially compromised information includes names, addresses, email accounts, phone numbers, order details, and the final four digits of bank cards.

However, JD Sports also called the accessed data “limited,” adding that it doesn’t store full payment card details. Additionally, it doesn’t believe that account passwords were compromised.

Even so, all customers are being told to watch out for phishing emails, texts, or phone calls.

“We want to apologize to those customers who may have been affected by this incident,” said Neil Greenhalgh, the JD Sports chief financial officer. “We are advising them to be vigilant about potential scam emails, calls, and texts and providing details on how to report these.”

According to the currently available information, JD Sports discovered the attack in recent days, and only historical data was affected.

“We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cybersecurity experts,” the company said.

The attack follows another cyber incident that has recently affected a major UK company. Royal Mail was targeted by a ransomware group with Russian ties, LockBit, which allegedly demanded a ransom payment for encrypted data.