JD Sports

History

2023: Cyberattack collapse

At the end of January 2023, British sportswear chain JD Sports reported a cyber attack that compromised the data of millions of customers.

The attackers reportedly stole an extensive database containing full names, delivery addresses and invoices, email addresses, phone numbers, the last four digits of a bank card and some other details. The information is said to have been extracted from an archive that includes orders that were completed between November 2018 and October 2020. In total, the leak could affect approximately 10 million JD Sports customers.

JD Sports network hit by cyber attack

The data of buyers of products of the brands JD, Size?, Millets, Blacks, Scotts and MilletSport have been compromised. It is emphasized that the attackers failed to gain access to full payment information. Passwords from user accounts, according to the results of a preliminary investigation, were also not stolen.

We want to apologise to those users who may have been affected by this incident. Protecting our customers' data is an absolute priority for JD, "said Neil Greenhalgh, Chief Financial Officer, JD Sports

A full review of JD Sports' computer infrastructure is ongoing. The company collaborates with third-party cybersecurity experts and engages with the British Information Commissioner's Office, the country's data protection watchdog. Experts say JD Sports customers could face fraudulent emails and calls. Users are strongly encouraged to change the password for their account to minimize possible risks. Cybercriminals, as noted, always seek to piece together information about victims from various sources in order to organize a convincing phishing scheme aimed, for example, at stealing money.^[1]

Notes