JD Sports isn’t having a particularly good day, and neither are the sports retailer’s customers.
The company said the personal data of 10 million customers “may have been accessed” by hackers, the BBC(Opens in a new window) reported Monday. The data relates to online orders made between November 2018 and October 2020, from JD Sports brands JD, Size?, Millets, Blacks, Scotts and Millets Sport. It includes names, addresses, email accounts, phone numbers, order details and the last four digits of credit cards.
The silver lining, according to JD Sports, is that hackers do not have access to full payment card details. The company also does not believe the account passwords were accessed by hackers.
“We want to apologize to customers who may have been affected by this incident,” said Neil Greenhalgh, chief financial officer of JD Sports. The company said it was contacting customers who may have been affected by the hack, telling them(Opens in a new window) to “be vigilant about potential fraudulent emails, calls and SMS”.
It is unclear why it took more than a year to discover the hack and make it public.
The UK Royal Mail(Opens in a new window) was recently the victim of a ransomware cyberattack, with hackers threatening to publish stolen customer data online. And just a few days ago, some 35,000 PayPal users(Opens in a new window) were hit by a cyberattack in which hackers accessed users’ names, mailing addresses and tax ID numbers, among other data.