The popular sports-fashion chain JD sports has announced that up to 10 million of its customers could be at risk after a major cyber-attack breached some of their online data.
In a statement, the company said that the data of customers who made online orders between November 2018 and October 2020 for the JD, Size?, Millets, Blacks, Scotts, and MilletSport brands might be affected by the breach.
Some of the information that may have been compromised includes names, phone numbers, addresses, email addresses, order details, and the last four digits on their payment cards.
However, the company reassured its customers that it doesn’t believe that the data accessed by hackers included any account passwords or full payment card details.
Neil Greenhalgh, the chief financial officer of JD Sports said in the statement: “We want to apologize to those customers who may have been affected by this incident. Protecting the data of our customers is an absolute priority for JD.”
He added that, although the breach was only detected in recent days, it only relates to data between 2018 and 2020. Despite this, he did advise customers who may have been affected by the breach ”to be vigilant about potential scam e-mails, calls, and texts”.
The statement also noted that the company is currently working with some of the leading cyber-security experts and is in talks with UK’s Information Commissioner’s Office (ICO) about the incident.
It says: “We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts. We are continuing with a full review of our cyber security in partnership with external specialists following this incident.”
Anyone who may have been affected by the breach has been advised to be wary of any emails, calls, or texts claiming to be from JD Sports or any of its brands. They should also keep an eye on their bank accounts and credit reports for suspicious activity.