UK sports fashion chain JD Sports disclosed a data breach that exposed customer data from orders placed between November 2018 and October 2020. The company discovered unauthorized access to a server that contained data related to orders placed by 10 million customers.
“JD Sports Fashion Plc (“JD Sports”) has been the target of a cyber incident which resulted in the unauthorised access to a system that contained customer data relating to some online orders placed between November 2018 and October 2020. The affected JD Sports group brands are JD, Size?, Millets, Blacks, Scotts and MilletSport.” reads the notice published by the company. “The affected data is limited. JD Sports does not hold full payment card data and, further, has no reason to believe that account passwords were accessed.”
According to the company, the data breach impacted the JD, Size?, Millets, Blacks, Scotts and MilletSport brands.
According to the notice published by the company, the security breach may have exposed limited information, including full names, delivery and billing addresses, email addresses, phone numbers, order details, and the last four digits of the customers’ payment cards.
According to the company, there is no reason to believe that account passwords were accessed.
The company notified UK authorities and hired external cybersecurity experts to investigate the security incident.
Customers are advised to stay vigilant, as they may be targeted by fraud and phishing attacks.
“We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these. We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.” Neil Greenhalgh, Chief Financial Officer of the company, said.
(SecurityAffairs – hacking, data breach)