Following a cyber-attack, sportswear retailer JD Sports stated that stored information pertaining to 10 million customers may be at risk.
Names, addresses, email addresses, phone numbers, order information, and the last four digits of bank cards, according to the company, were among the data that hackers "may have accessed.".
Between November 2018 and October 2020, the information centered on online orders.
JD Sports stated that it was getting in touch with the affected customers.
The affected data was "limited," according to the group. Additionally, it stated that it did not possess all of the payment card information and that it didn't think the hackers had access to account passwords.
Neil Greenhalgh, chief financial officer of JD Sports, expressed regret to any customers who may have been negatively impacted by the incident. "At JD, protecting customer data comes first and foremost. ".
The company is believed to have discovered the attack recently; however, only historical data was accessed. The attack pertained to online orders placed for the JD, Size?, Millets, Blacks, Scotts, and MilletSport brands.
The business declared that it was collaborating with "leading cyber-security experts" and contacting the UK's Information Commissioner's Office (ICO) in response to the incident.
Customers who were impacted, according to Mr. Greenhalgh, were urged to "be vigilant about potential scam emails, calls, and texts.".
Recent cyberattacks have impacted a number of UK businesses. This month, Royal Mail was the target of a ransomware attack, which forced it to halt international post and package deliveries.
A suspected ransomware attack was also aimed at the Guardian newspaper in December.
Due to the vast amounts of customer data retailers hold, Lauren Wills-Dixon, a solicitor and data privacy expert at the law firm Gordons, said retailers were among the most frequent targets for cyber-attacks and that businesses needed to do more to prepare.
But she claimed that the industry's increased reliance on technology "to reduce overheads and streamline operations has raised the risk even further".
In the modern era, a cyber-attack will occur "when," not "if," she asserted.
The ICO was aware of the attack, according to a spokeswoman, and was reviewing the data provided by JD Sports.
A rise in the use of malicious software, or "malware," by criminals to steal data from businesses, according to Scott Nicholson, co-chief executive of cyber security firm Bridewell.
"It is encouraging to see JD Sports stating that they are working with experts to help from a containment and recovery perspective, but once the dust has settled their comments that "we take the protection of customer data extremely seriously" will be put to the test by the ICO," he continued.
