JD Sports reports cyber security breach affecting 10 million customers
JD Sports has been the target of a cyber security breach affecting orders – made by around 10 million customers – that took place across a number of its brands from November 2018 and October 2020.
The sports fashion giant is advising customers who purchased from JD Sports, Size?, Millets, Blacks, Scotts and MilletSport during this time to be vigilant for email scams, calls or texts but it has said that it does not hold historic full payment data and it has no reason to believe that passwords had been accessed.
Information that may have been accessed consists of the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of approximately 10 million unique customers.
JD said it had taken the "necessary immediate steps" to investigate and respond to the incident, including working with leading cyber security experts. It is engaging with the relevant authorities, including the UK's Information Commissioner's Office, as necessary.
Customers affected will be contacted directly by the retailer, which is urging them to be "vigilant to the risk of fraud and phishing attacks. This includes being on the look-out for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands."
Neil Greenhalgh, Chief Financial Officer of JD Sports, said: "We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these. We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD."