Retail group says incident affected shoppers at JD, Blacks, Size?, Millets, Scotts, and Millets Sport brands
The fashion retailer JD Sports said the personal and financial information of 10 million customers was possibly obtained by hackers in a cyber-attack.
This company said the incident, which affected some online orders placed by customers between November 2018 and October 2021, focused on purchases of products of its JD, Black, Size?, Millets, Scotts, and Millets Sport brands.
The retailer, which has notified the Information Commissioner’s Office about the security breach, said it was reaching out to affected customers warning them to be alert to potential scams.
“We want to apologize to those customers who may have been affected by this incident,” said Neil Greenhalgh, the JD Sports chief financial officer. “We are advising them to be vigilant about potential scam emails, calls, and texts and providing details on how to report these.”
The company said data that may have been obtained by hackers included names, phone numbers, billing, and delivery addresses, order details, and the last four digits of payment cards of “approximately 10 million unique customers”.
However, JD Sports said the “affected data is limited” as it did not contain full payment details and the company “has no reason to believe that account passwords were accessed”.
JD Sports said it had taken the “necessary immediate steps” to look into and respond to the incident, including working with cybersecurity experts, keeping an eye out for potential scams and phishing attacks, and “being on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands”.
“We are continuing with a full review of our cybersecurity in partnership with external specialists following this incident,” said Greenhalgh. “Protecting the data of our customers is an absolute priority for JD.”
In January, Royal Mail disclosed it had suffered a ransomware attack by a criminal group, which threatened to leak the stolen information online, and said it could not process international parcel and letter deliveries.
