Highlights:

  • The compromised information includes customers’ names, delivery and billing addresses, email addresses, order details, contact numbers, and the last four digits of payment cards.
  • JD Sports took immediate steps in response to the incident.

JD Sports Fashion plc, a UK retailer, has reportedly been hacked, and the personal information of about ten million customers is believed to be compromised.

The company described the issue as a cyber-attack that resulted in unauthorized access to a system storing customer data linked to some online orders placed between Nov 2018 and Oct 2020. The affected JD Sports brands are JD, Millets, Size?, Scotts, Blacks, and MilletSport.

The compromised information includes customers’ names, delivery and billing addresses, email addresses, order details, contact numbers, and the last four digits of payment cards. The company stated that it does not hold full payment card data and has no reason to believe that account passwords were compromised.

In response to the hack, JD Sports immediately took steps that include consulting cyber experts, engaging with authorities, contacting affected customers, and involving the UK’s Information Commissioner’s Office. However, the company is not offering any identity theft protection or credit monitoring service to affected customers; instead, it is asking them to be cautious.

Neil Greenhalgh, Chief Financial Officer of JD Sports, said, “We want to apologize to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam emails, calls, and texts and providing details on how to report these.”

How the data was accessed has not been disclosed. Greenhalgh said that “protecting the data of our customers is an absolute priority,” and the company is therefore thoroughly assessing its cybersecurity.

Because JD Sports has not revealed how the hack occurred, speculation is rampant, with an exposed cloud system as the chief suspect.

“Databases that are directly exposed to the internet are not difficult to find,” explained Denbigh-White, the security strategist at data loss prevention firm Next DLP. “This incident highlights the critical importance of robust database security measures and the consequences when these measures fail (or are absent), including data breaches and unauthorized access to sensitive information.”

Javvad Malik, the security awareness advocate at KnowBe4 Inc., warned that JD Sports customers must be careful about any message or email that claims to come from JD Sports.

“Criminals are always looking to piece together information from breaches to create convincing and authentic phishing scams,” said Malik. “If anyone receives such emails, they should not respond and rather seek to verify the authenticity directly with the company.”