Heimdal
Home > Cybersecurity News

10 Million JD Sports Customers Had Their Data Exposed in a Data Breach

Hackers Stole Important Information Putting Clients at Risk.

Last updated on January 31, 2023

article featured image

Contents:

The U.K. sports-fashion retail company JD Sports announced that one of its servers suffered a data breach. The server was holding details about the online orders of 10 million customers.

All the information stored in the attacked server related to purchases made between November 2018 and October 2020.

Details About the Data Breach

JD Sports warned customers about the data breach in a notice saying that it promptly recognized the illegal entry and acted swiftly to secure the breached server, blocking future access attempts.

10 Million JD Sports Customers Had Their Data Exposed in a Data Breach

Source

In the notice filed by JD Sports with the London Stock Exchange on 30th of January 2023 is disclosed that this incident also affected sub-brands like JD, Size?, Millets, Blacks, Scotts, and MilletSport.

We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks. This includes being on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands.

Source

What Data Was Stolen

The data that cybercriminals managed to exfiltrate belongs to 10 million unique customers and consists of:

  • Full name
  • Billing information
  • Delivery address
  • Email address
  • Phone number
  • Order details
  • Four final digits of the payment card

The notice also explains that the client’s full payment details should be safe, as JD Sports do not store them. Account passwords apparently were also not leaked.

The affected data is limited. We do not hold full payment card details and we do not believe account passwords were accessed.

Source

Even so, the stolen data could be used by threat actors in phishing attacks or for social engineering. That is why customers are advised to change their passwords on the JD Sports account and on any other platform if they are in the habit of reusing credentials.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Related Articles

Sports Betting Company BetMGM Suffered a Data BreachWhat Is Data Leakage?Japanese Sports Equipment and Sportswear Company Mizuno Fell Victim to a Ransomware AttackWhat Is a Data Breach and How to Prevent It

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V