JD Sports has been hit by a cyber attack, resulting in hackers gaining access to customer data relating to online orders placed between November 2018 and October 2020.
The affected brands from the group are JD, Size?, Millets, Blacks, Scotts and MilletSport.
The information that may have been accessed consists of names, billing addresses, delivery addresses, email addresses, phone numbers, order details and the final four digits of payment cards of approximately 10 million customers.
The company said in a statement:“We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts,” said the retailer in a statement.
“We are engaging with the relevant authorities, including the UK’s Information Commissioner’s Office (ICO), as necessary.”
It added that the “affected data is limited” and does not include full payment card data, which it does not hold, and “has no reason to believe that account passwords were accessed.”
JD Sports chief financial officer Neil Greenhalgh added: “We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these.”
“We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.”
