Contents:
The U.K. sports-fashion retail company JD Sports announced that one of its servers suffered a data breach. The server was holding details about the online orders of 10 million customers.
All the information stored in the attacked server related to purchases made between November 2018 and October 2020.
Details About the Data Breach
JD Sports warned customers about the data breach in a notice saying that it promptly recognized the illegal entry and acted swiftly to secure the breached server, blocking future access attempts.
In the notice filed by JD Sports with the London Stock Exchange on 30th of January 2023 is disclosed that this incident also affected sub-brands like JD, Size?, Millets, Blacks, Scotts, and MilletSport.
We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks. This includes being on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands.
What Data Was Stolen
The data that cybercriminals managed to exfiltrate belongs to 10 million unique customers and consists of:
- Full name
- Billing information
- Delivery address
- Email address
- Phone number
- Order details
- Four final digits of the payment card
The notice also explains that the client’s full payment details should be safe, as JD Sports do not store them. Account passwords apparently were also not leaked.
The affected data is limited. We do not hold full payment card details and we do not believe account passwords were accessed.
Even so, the stolen data could be used by threat actors in phishing attacks or for social engineering. That is why customers are advised to change their passwords on the JD Sports account and on any other platform if they are in the habit of reusing credentials.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.