UK-based fashion retailer JD Sports announced that 10 million customers’ personal and financial data may have been compromised by hackers in a cyber-attack.
According to the company, the attack affected some online orders made between November 2018 and October 2020, targeting purchases from JD, Size?, Millets, Blacks, Scotts, and Millets Sport brands.
“The affected data is limited. JD Sports does not hold full payment card data and, further, has no reason to believe that account passwords were accessed,” said the company’s filing at the London Stock Exchange.
The company did not disclose how the breach happened and whether it was a targeted attack or ransomware attack.
JD Sports and the scope of breach
JD Sports has more than 3,400 stores across the world, most of which are in Europe. The UK retailer said regulatory authorities including Information Commissioner’s Office are involved and is reaching out to impacted customers to warn them of potential scams, said the filing.
“We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks. This includes being on the look-out for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands,” the filing said.
Information that may have been accessed includes names, addresses, phone numbers, order details, and the last four digits of payment cards, according to the UK retailer.
The company has taken immediate action to investigate and respond to the attack, working with cybersecurity experts and warning customers to be vigilant against fraud and phishing attempts.
“We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks,” said Neil Greenhalgh, Chief Financial Officer of JD Sports.
“This includes being on the look-out for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands.”
UK retailers and cyber attacks
Retail sector is a preferred targets of cybercriminals, with recent high-profile targets including Metro AG, Luxottica, and Business Fulfilment.
In April 2022, UK retail chain The Works had to close multiple stores due to a cyber security breach that resulted in unauthorized access to its computer systems, leading to till problems.
With 530 stores across the UK and Ireland, The Works offered a variety of products, including books, toys, stationery, art supplies, and craft materials. It generated an annual revenue of around $300 million.
According to research by Akamai Technologies, 59% of online shoppers in the UK would stop shopping at a retailer hit by a cyberattack, while 49% lack trust in retailers to secure their personal information.
About 70% of online shoppers surveyed said that they check the security of a retailer’s website before making a purchase, and 91% would abandon their shopping cart if the site doesn’t seem secure.
The research showed that 79% of people prioritize protecting their personal data over a personalized shopping experience. More than 75% of British online shoppers expect retailers to invest heavily in data protection and security.