JD Sports has warned that stored data relating to ten million customers may be at risk after a cyberattack.
The sportswear chain said the information that “may have been accessed” included names, billing addresses, phone numbers, email addresses and the final four digits of users’ payment cards.
It said the hackers had accessed a system that contained information on some online orders placed between November 2018 and October 2020. The affected brands included JD, Millets, Blacks, Size?, Scotts and Millet Sports. It said it did not hold full payment card data and had no reason to believe the hackers had accessed users’ passwords.
JD said it had taken immediate steps to respond to the attack, including working with cybersecurity experts. It said it was also engaging with the relevant authorities, including the Information Commissioner’s Office.
Neil Greenhalgh, 51, chief financial officer, said: “We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam emails, calls and texts, and providing details on how to report these.”
JD said it would contact customers whose data may have been taken.
It is the latest in a series of cyberattacks on British companies. Last week Royal Mail was able to resume international signed deliveries for business customers weeks after it had been forced to withdraw some overseas services following a ransomware attack.
This month JD Sports said its positive Christmas and half-year performance meant that it could expect group pre-tax profit for the year to January 28 to be towards the top end of market expectations, which range from £933 million to £985 million.
JD Sports Fashion was founded in Bury in 1983 and now has more than 3,400 shops in 32 countries. Shares in the company rose by ¾p, or 0.5 per cent, to 162½p yesterday.