JD Sports has admitted it was the target of a cyber attack which saw the data of approximately 10 million customers accessed by those responsible.

The incident, which impacted a number of brands including JD, Size?, Millets, Blacks, Scotts, and MilletSport, involved unauthorised access to a system that contained data relating to some online orders placed between November 2018 and October 2020.

JD Sports says that the affected data is “limited”, adding that the company does not hold full payment card data.

It also said that it has no reason to think account passwords were accessed in the attack.

Instead, it says that the type of information accessed consists of things like names, billing addresses, delivery addresses, email addresses, phone numbers, order details, and the final four digits of payment cards.

The company assured shareholders that it is investigating the incident with "leading cyber experts" and engaging with the Information Commissioner's Office (ICO).

JD Sports is contacted affected customers and advising them to be aware about the risk of fraud and phishing attacks - including being on the look-out for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands.

"We want to apologise to those customers who may have been affected by this incident,” said Greenhalgh, chief financial officer, JD Sports. “We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these.”

The CFO said that protecting customer data is a priority for the brand, with the company continuing with a review of its security.

Share Story: