Fashion retailer JD Sports said hackers potentially accessed the personal and financial information of 10 million customers in a cyber attack.
The company said the incident, which affected some online orders placed by customers between November 2018 and October 2020, centered on purchases of products from its JD, Size?, Millets, Blacks, Scotts and Millets Sport brands.
The retailer, which notified the Information Commissioner’s Office about the security breach, said it was contacting affected customers to warn them to be aware of possible scams.
“We want to apologize to those customers who may have been affected by this incident,” said Neil Greenhalgh, JD Sports’ chief financial officer. “We advise you to be on the lookout for potential fraudulent emails, calls and text messages and we provide details on how to report them.”
The company said the information the hackers may have accessed included names, billing and delivery addresses, phone numbers, order details and the last four digits of payment cards for “approximately 10 million unique customers.” .
However, JD Sports said the “affected data is limited” as they did not have complete payment details and the company “has no reason to believe that account passwords were accessed.”
JD Sports said it had taken “necessary immediate steps” to investigate and respond to the incident, including working with cybersecurity experts, being aware of potential fraud and phishing attacks and “being vigilant about any suspicious or unusual communications purporting to be from JD Sports or any of the brands in our group”.
“We are continuing a full review of our cyber security in partnership with external specialists following this incident,” Greenhalgh said. “Protecting our customers’ data is a top priority for JD.”
This month, Royal Mail revealed that it had been hit by a ransomware attack by a criminal group, which threatened to post the stolen information online and said it could not process international parcel and letter deliveries.
