JD Sports Admits Intruder Accessed 10 Million Customers' Data

Sports fashion retailer JD Sports has confirmed miscreants broke into a system that contained data on a whopping 10 million customers, but no payment information was among the mix. The Register reports: In a post to investors this morning, the London Stock Exchange-listed business said the intrusion related to infrastructure that housed data for online orders from sub-brands including JD, Size? Millets, Blacks, Scotts and MilletSport between November 2018 and October 2020. The data accessed consisted of customer name, billing address, delivery address, phone number, order details and the final four digits of payment cards "of approximately 10 million unique customers." The company does "not hold full payment card details" and said that it has "no reason to believe that account passwords were accessed."

As is customary in such incidents, JD Sports has contacted the relevant authorities such as the Information Commissioner's Office and says it has enlisted the help of "leading cyber security experts." The chain has stores across Europe, with some operating in North America and Canada. It also operates some footwear brands including Go Outdoors and Shoe Palace. "We want to apologize to those customers who may have been affected by this incident," said Neil Greenhalgh, chief financial officer at JD Sports. "We are advising them to be vigilant about potential scam emails, calls and texts and providing details on now to report these."

He added: "We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting that data of our customers is an absolute priority for JS."

No consequences, no security, rinse, repeat

[Miles_O'Toole]

The chief financial officer of JD Sports said, "Protecting that data of our customers is an absolute priority."

He is a liar. None of these companies could care less about their customers' personal data. Most of them already sell it without concern for where it winds up. In many cases, there isn't even real consent. Until there are real consequences for outrages like this, including criminal charges for company directors, we can expect more and more incidents like this to join the long list of those that have already occurred.

Should have had 2FA

[quonset]

I hear 2FA is the be all and end all. Can't live without it because hackers are spending millions of hours each year trying to get into your one account.

Yawn

[k0t0n]

Just another day in the internet. When is someone going to do something about all the personal data being thrown around like potatos?

A sporting goods retailer?

[rsilvergun]

This is one data breach that no one here needs to worry about.

BFD

[ceg97]

Buying from an internet retailer is equivalent to putting your name and address in a phone book. Names and addresses of (nearly) all voters are public as well. Most people have been usinf phone directories many decades so why the hysteria. In addition email is equivalent to sky writing as far as privacy is concerned.