JD Sports is warning customers of a data breach after a server was hacked that contained online order information for 10 million customers placed between November 2018 and October 2020.

JD Sports says it detected the unauthorized access immediately and responded quickly to secure the breached server, preventing subsequent access attempts.

However, the hackers were able to steal the data for approximately 10 million unique customers, which consisted of the following information:

  • Full name
  • Billing details
  • Delivery address
  • Email address
  • Phone number
  • Order details
  • Four final digits of the payment card

This data could be used to launch phishing or social engineering attacks against exposed individuals.

Buy Me a Coffee

“We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks,” reads the incident report.

“This includes being on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands.”

JD Sports says it does not store full payment card details for online orders, so complete financial information cannot have been compromised.

The same applies to account passwords, which the firm says it has no reason to believe were accessed.

READ
Skoda Infotainment Vulnerabilities Could Expose Cars to Cyberattacks