JD Sports reports cyber-attack impacting millions of customers

• February 1st, 2023
Data Privacy, Data Protection, Mobile Security, Online Safety, PC security

Sportswear retailer JD Sports has confirmed that a recent cyber-attack may have resulted in the exposure of around 10 million customers’ personal data, including names, addresses, email addresses, phone numbers, order details, and the last four digits of bank cards linked to online orders placed between Nov 2018 and Oct 2020.

Despite the company’s claim that the data potentially accessed is “limited,” it is taking measures to inform affected customers and advising them to be cautious of potential scam emails, calls, or texts.

In a statement, JD Sports CFO, Neil Greenhalgh, expressed regret to customers and highlighted the company’s commitment to data protection as a top priority.

JD Sports is working with leading cyber-security experts and engaging with the UK’s Information Commissioner’s Office (ICO) in response to the attack.

Cyber-attacks are becoming increasingly common, with retailers being a frequent target due to their possession of large amounts of customer data.

The growing use of technology in the retail sector only increases the risk. According to Lauren Wills-Dixon, a data privacy expert at law firm Gordons, it’s no longer a question of “if” a cyber-attack will happen, but “when.”

The ICO has confirmed its knowledge of the attack and is reviewing information provided by JD Sports.

Scott Nicholson, co-CEO of cyber-security firm Bridewell, noted that JD Sports’ handling of the situation will be closely monitored by the ICO and that the company’s dedication to protecting customer data will be put to the test.