JD Sports Group Hacked
JD Sports, the high street sports fashion retail giant, has confirmed that it was targeted in a successful cyber-attack that has resulted in unauthorized access to customer data. How much data? A JD Sports Fashion Plc spokesperson told me the number could be "approximately 10 million unique customers."
Here's what we know so far
In an email to customers, the JD Sports Group has confirmed that a security incident, which may impact as many as 10 million customers, gave attackers access to data including "full name, delivery and billing address(es), email address, phone number, final 4 digits (only) of payment card and/or order details."
According to the email, the data is from a database containing orders placed between November 2018 and October 2020
JD Sports Fashion Plc statement to the press
In a statement emailed to me by a JD Sports Fashion Plc spokesperson, the organization confirmed that the affected JD Sports group brands are "JD, Size?, Millets, Blacks, Scotts and MilletSport." The statement also added that JD Sports do not hold full payment card details, and the company "has no reason to believe that account passwords were accessed."
Obviously, being a cybersecurity specialist, I would advise all customers of any of those brands to change their passwords as soon as possible, regardless. We take your security seriously.
"We want to apologize to those customers who may have been affected by this incident," Neil Greenhalgh, the chief financial officer of JD Sports, said, adding that advice is being sent for them to be vigilant regarding scam emails, calls, and texts. While a full security review is continuing, including help from external specialists, Greenhalgh somewhat predictably said, "protecting the data of our customers is an absolute priority for JD."
Security experts offer advice to concerned customers
John Davis, the U.K. and Ireland director at the SANS Institute, says, "cybercriminals are levelling up. Their attacks are more prevalent, more sophisticated, and harder to detect. Brand reputations and relationships with customers are on the line. Customers will reward businesses who can persuade them they are best equipped to manage their data. The golden rule to remember is that prevention is always better than cure. Power comes through knowledge about how cyberattacks could happen and flagging them to the UK's national reporting centre for fraud and cybercrime."
What's Your Reaction?
