An alleged massive data leak affected fashion retailer's customers

According to the official statement, JD Sports has probably experienced a data privacy incident. Allegedly, personal data and financial details belonging to approximately 10 million users has been illicitly obtained by intruders. 

The  incident affected online orders made by customers between November 2018 and October 2020.

The company’s representatives notified the Information Commissioner’s Office about the incident and reported that they got in touch with the affected parties and warned them about probable information security risks, such as phishing attempts and other fraud. It was also reported that the investigation was initiated.

The data, which was probably obtained by hackers included:

  • Names
  • Nilling and delivery addresses
  • Phone numbers
  • Order details
  • The final four digits of payment cards

Nevertheless, the company officials claimed that, most probably, account passwords were not accessed and the intruders did not manage to “hold full payment data”.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.