JD Sports has been the victim of a cyber attack, resulting in the unauthorised access to a system that contained customer data relating to some online orders placed between November 2018 and October 2020.
The impacted JD Sports group brands are JD, Size?, Millets, Blacks, Scotts and MilletSport.
According to the retailer, hackers accessed a system including the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of approximately 10 million unique customers.
JD has warned customers to stay vigilant against any potential fraudsters who could use this information to target shoppers, and convince them that they are calling, emailing or texting from the company.
Subscribe to Charged Retail for free
Click here to get the latest retail tech news free in your inbox each day
“We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts,” said the retailer in a statement.
“We are engaging with the relevant authorities, including the UK’s Information Commissioner’s Office (ICO), as necessary.”
JD Sports chief financial officer Neil Greenhalgh added: “We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these.”
“We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.”
