JD Sports hit by cyber-attack that leaked 10m customers’ data

Retail group says incident affected shoppers at JD, Size?, Millets, Blacks, Scotts and Millets Sport brands

The fashion retailer JD Sports said the personal and financial information of 10 million customers was potentially accessed by hackers in a cyber-attack.

The company said incident, which affected some online orders made by customers between November 2018 and October 2020, targeted purchases of products of its JD, Size?, Millets, Blacks, Scotts and Millets Sport brands.

The retailer, which has notified the Information Commissioner’s Office about the security breach, said it was contacting affected customers warning them to be aware of potential scams.

“We want to apologise to those customers who may have been affected by this incident,” said Neil Greenhalgh, the JD Sports chief financial officer . “We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these.”

The company said information that may have been accessed by hackers included names, billing and delivery addresses, phone numbers, order details and the final four digits of payment cards of “approximately 10 million unique customers”.

However, JD Sports said the “affected data is limited” as it did not hold full payment data and the company “has no reason to believe that account passwords were accessed”.

JD Sports said it had taken the “necessary immediate steps” to investigate and respond to the incident, including working with cybersecurity experts, and to be aware of potential fraud and phishing attacks and “be on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands”.

“We are continuing with a full review of our cybersecurity in partnership with external specialists following this incident,” said Greenhalgh. “Protecting the data of our customers is an absolute priority for JD.”

This month Royal Mail revealed it had been hit by a ransomware attack by a criminal group, which threatened to publish the stolen information online, and said it could not process international parcel and letter deliveries.


Mark Sweney

The GuardianTramp

Related Content

Article image
EasyJet reveals cyber-attack exposed 9m customers' details
Airline apologises after credit card details of about 2,200 passengers were stolen

Jasper Jolly

19, May, 2020 @11:13 AM

Article image
Lloyds bank accounts targeted in huge cybercrime attack
Banking group says none of its 20m accounts were hacked or compromised after fending off two-day denial of service attack

Patrick Collinson

23, Jan, 2017 @12:20 PM

Article image
BA chief pledges to compensate customers after data breach
Álex Cruz apologises for ‘sophisticated’ theft affecting 380,000 payment cards

Sarah Marsh

07, Sep, 2018 @8:09 AM

Article image
GCHQ cybersecurity experts investigate Dixons Carphone data breach
Electronics retailer apologises for breach involving 5.9m customers’ bank card details

Angela Monaghan

13, Jun, 2018 @3:42 PM

Article image
Superdrug targeted by hackers who claim to have 20,000 customer details
Health and beauty retailer advises online customers to change their passwords

Angela Monaghan

22, Aug, 2018 @7:38 AM

Article image
FCA urges Capita clients to ascertain if data was compromised in cyber-attack
Corporate clients that outsource work to Capita – including Aviva and Phoenix Group – must ‘assess fallout from data breach’

Alex Lawson

03, May, 2023 @4:03 PM

Article image
Huge rise in hacking attacks on home workers during lockdown
Cybercriminals are exploiting fears and chaos caused by coronavirus, says security firm

Jasper Jolly

24, May, 2020 @12:42 PM

Article image
TalkTalk profits halve after cyber-attack
Telecoms firm reveals cost of attack hit £42m, cutting its profits from £32m to £14m

Angela Monaghan

12, May, 2016 @8:42 AM

Article image
TalkTalk cyber-attack: company unsure how many customers affected
Boss apologises for breach which could have compromised financial details of up to 4 million people, amid speculation of Islamic militant involvement

Nadia Khomami

23, Oct, 2015 @8:39 AM

Article image
Tesco Bank cyber raid 'unprecedented', says financial regulator
FCA chief tells MPs that ‘serious’ theft from 20,000 accounts may be linked via debit card flaw as customers report money transfered to Brazil and Spain

Jill Treanor

08, Nov, 2016 @11:48 AM