Sportswear chain JD Sports said the stored data of its 10 million customers could be at risk after being hit by a cyberattack.
According to the company, the information the hacker “may have accessed” includes his name, address, email his account, phone number, order details, and the last four digits of his bank card.
This data is for his online orders from November 2018 to October 2020. JD Sports said it is contacting affected customers.
The group said the data affected was “limited.” It added that the payment card details were not complete and that it did not believe the hackers had accessed the account password.
JD Sports Chief Financial Officer Neil Greenhalgh said: “Protecting our customers’ privacy is a top priority for JD.” The attack involves online orders for the JD, Size?, Millets, Blacks, Scotts, and MilletSport brands and is believed to have been discovered recently by the company, but only historical data was accessed.
The company said it was working with “leading cybersecurity experts” and with the UK’s Information Commissioner’s Office (ICO) in response to the incident.
Greenhalgh said affected customers have been advised to “beware of potentially fraudulent emails, calls and texts.”
Several companies in the UK have recently been hit by cyberattacks. Royal Mail was hit by a ransomware attack earlier this month, halting the delivery of mail and parcels abroad. In December, The Guardian also fell victim to a suspected ransomware attack.
Retailers are one of the main targets for cyberattacks because they retain so much customer data, according to Lauren Wills-Dixon, an attorney and privacy expert at the law firm Gordons.
But, she said, “the industry’s increased use of technology to reduce overhead and streamline operations has further increased the risks.”
“In this new world, cyberattacks happen when not if,” she said. A spokesperson for the ICO confirmed that it is aware of the attack and is evaluating information provided by JD Sports.
Scott Nicholson, co-CEO of cybersecurity firm Bridewell, said malicious software known as “malware” used by criminals to steal information from companies is on the rise. “While it is good that JD Sports has stated that they are working with experts to assist in containment and recovery, we would like to inform you that regarding the samples provided by the ICO, we take the protection of customer data very seriously. I’m thinking,’ he added, once their comments have settled.