DICK’s Sporting Goods says confidential data exposed in cyberattack


DICK’S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that confidential information was exposed in a cyberattack detected last Wednesday.

Founded in 1948, DICK’S operates 857 stores across the United States and has reported $12.98 billion in revenue in 2023. As of February 2024, the Fortune 500 company employs over 55,500 people (18,900 full-time and 36,600 part-time).

According to a filing with the U.S. Securities and Exchange Commission (SEC), the company has hired outside cybersecurity experts to help contain the security breach and assess the cyberattack’s impact.

“On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information,” the retailer giant said.

“Immediately upon detecting the incident, the Company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate, and contain the threat.”

According to a source who requested anonymity to speak freely, the company has provided few details about the breach and is telling employees not to discuss it publicly or put anything in writing.

The same source told BleepingComputer that email systems had been shut down, likely to isolate the attack, and all employees had been locked out of their accounts. IT staff is now manually validating employees’ identities on camera before they can regain access to internal systems.

In an internal memo shared with BleepingComputer, Dick’s told employees that most of them no longer have access to their systems because of a “planned activity” and that their team leaders will contact them via personal email or text for further instructions.

DICK'S internal memo to employees
DICK’S internal memo to employees (BleepingComputer)

In today’s SEC filing, the Fortune 500 retailer says it has also reported the breach to relevant law enforcement authorities and that, for the moment, the incident had no impact on the company’s operations.

“The Company has also notified federal law enforcement. The Company has no knowledge that this incident has disrupted business operations,” DICK’S added.

“The Company’s investigation of the incident remains ongoing. Based on the Company’s current knowledge of the facts and circumstances related to this incident, the Company believes that this incident is not material.”

A DICK’S spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.



Source link