JD Sports cyber attack may have exposed bank details of ten million customers

30 January 2023, 13:27 | Updated: 30 January 2023, 13:30

JD Sports has had a data breach
JD Sports has had a data breach. Picture: Alamy

By Kit Heren

The personal data of ten million people may have been breached in a cyber attack on sporting goods retailer JD Sports, the company has warned.

Listen to this article

Loading audio...

JD Sports bosses said on Monday that they were contacting customers who could have been affected by the breach.

Anyone who placed an order with JD Sports between November 2018 and October 2020 may have had their data exposed.

That includes names, addresses, phone numbers, order details, and the final four digits of their payment cards.

Brands affected include JD, Size?, Millets, Blacks, Scotts and MilletSport.

JD Sports in Newcastle
JD Sports in Newcastle. Picture: Alamy

JD Sports warned customers to look out for any potential fraudsters who could use this information to target shoppers, and convince the customers that they are calling, emailing or texting from JD.

"We want to apologise to those customers who may have been affected by this incident," said chief financial officer Neil Greenhalgh.

"We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these.

"We are continuing with a full review of our cyber security in partnership with external specialists following this incident.

"I've Sacked People For Sitting Down" Undercover At JD Sports

"Protecting the data of our customers is an absolute priority for JD."

JD Sports said on Monday: "We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts.

Read more: Police searching for missing woman, 45, who vanished three days ago reveal her phone was found on bench

Read more: Kremlin accuses Boris Johnson of lying after he said Putin 'threatened to kill him with a missile strike'

"We are engaging with the relevant authorities, including the UK's Information Commissioner's Office (ICO), as necessary.

"We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks.

"This includes being on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands."

JD Sports is one of several British companies to have had data breaches recently
JD Sports is one of several British companies to have had data breaches recently. Picture: Alamy

It is the latest in a series of recent high-profile cyber attacks on British companies. Last Thursday, Royal Mail was able to resume international signed deliveries for business customers.

The company had been forced to withdraw some overseas delivery options after being hit by what was reportedly a ransomware attack.