British sportswear retailer JD Sports has reported a data breach affecting more than 10 million customers.
The retailer said on January 30 that the data breach occurred after a malicious party gained unauthorized access to a system containing customer data related to orders placed between November 2018 and October 2020. This included orders from other JD Sports group company including JD, Blacks, Size?, Scotts, Millets and MilletSport.
JD Sports told the London Stock Exchange that the data accessed was “limited” because the retailer “does not believe passwords were accessed” and does not store payment information. Information accessed during the breach may include names, email addresses, last four digits of payment cards, delivery addresses, phone numbers, billing addresses and order details.
The company said it was “actively contacting” those affected by the breach and urged all customers to remain vigilant for phishing attacks and post-breach fraud attempts.
JD Sports’ chief financial officer, Neil Greenhalgh, said: “We would like to apologize to customers who may have been affected by this incident… We are continuing a full review of our cyber security in collaboration with external specialists following this incident.. Protecting our customers’ data is an absolute priority for JD.
The sports fashion retailer said it would cooperate with relevant authorities including the UK Information Commissioner’s Office (ICO) to investigate the incident.
