IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

10 million customers exposed in JD Sports cyber attack

The sports fashion retailer has urged customers to be “on the look-out" for scam emails in the wake of the incident

Fashion retailer JD Sports has been hit with a cyber attack that has exposed information on millions of customers.

In a statement confirming the incident, the company revealed that up to 10 million customer accounts may have been compromised in the attack.  

Exposed information is believed to include names, phone numbers, order details, billing and delivery addresses, and the final four digits of payment cards. 

An investigation by the company found that exposed information pertains to online customer orders made between November 2018 and October 2020.  

A number of brands within the group appear to have been impacted in the attack, including Size?, Blacks, Scotts, and Millets. 

The retailer added that “affected data is limited”, however, and that at present there is no reason to believe that customer account passwords were accessed. 

“JD Sports does not hold full payment card data and, further, has no reason to believe that account passwords were accessed,” the retailer said in a statement.  

JD Sports’ chief financial officer, Neil Greenhalgh, apologised for the incident and urged users to be prepared for a potential spike in phishing emails in the wake of the incident.  

“We want to apologise to those customers who may have been affected by this incident,” he said. “We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these.

“We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks. This includes being on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands.” 

JD Sports said it has informed the Information Commissioner’s Office (ICO) of the incident and is working closely with security partners to mitigate the impact on customers.  

“We are continuing with a full review of our cyber security in partnership with external specialists following this incident,” Greenhalgh said. “Protecting the data of our customers is an absolute priority for JD.” 

JD Sports attack: Retailers in the crosshair

The JD Sports is the latest major security incident to affect UK retailers in the space of a year.  

Related Resource

Six myths of SIEM

Things have changed when it comes to SIEM solutions

Whitepaper cover with black & white birds eye view of a cityscapeFree Download

In April 2022, book retailer The Works fell victim to a cyber attack which forced the closure of dozens of stores across the UK.  

The incident crippled the company's internal systems, resulting in widespread delays to customer delivery orders and preventing the company from resupplying stores.  

Retailers have become an increasingly lucrative target for cyber criminals, research shows.  

A study last year by SonicWall found that the retail sector saw a 264% surge in ransomware attacks between February 2021 and 2022.  

The widespread consumer shift to online shopping during the pandemic prompted hackers to escalate attacks against online retailers.  

Lauren Wills-Dixon, solicitor and an expert in data privacy at law firm Gordons said retailers are now key targets for cybercriminals due to the volume of consumer data they process and hold. 

“Retailers are among the most common targets for cybercriminals because their high volume of transactions – and therefore the volume of customer data they hold - makes them an attractive target,” she said. “The increased use of technology by the industry to reduce overheads and streamline operations has raised the risk even further.”

Featured Resources

Defending against malware attacks starts here

The ultimate guide to building your malware defence strategy

Free Download

Datto SMB cyber security for MSPs report

A world of opportunity for MSPs

Free Download

The essential guide to preventing ransomware attacks

Vital tips and guidelines to protect your business using ZTNA and SSE

Free Download

Medium businesses: Fuelling the UK’s economic engine

A Connected Thinking report

Free Download

Most Popular

Getting the best value from your remote support software
Advertisement Feature

Getting the best value from your remote support software

13 Mar 2023
Microsoft set to block emails from unsupported Exchange servers
Security

Microsoft set to block emails from unsupported Exchange servers

28 Mar 2023
What the UK can learn from the rest of the world when it comes to the shift to IP
Sponsored

What the UK can learn from the rest of the world when it comes to the shift to IP

20 Mar 2023