Ten million customers might be at risk after JD Sports experienced a cyber-attack. According to the sportswear chain, the hackers may have accessed customer names, addresses, email accounts, phone numbers, order details, and the final four digits of customer bank cards. The company does “not hold full payment card details”
You could be affected by the JD Sports data breach if you placed an order online between November 2018 and October 2020. Affected customers are being contacted.
Even if you do not receive notification of your involvement, if you made an online order during the data breach period you should take immediate steps to protect yourself. Find out how to do this here.
This is important because victims of data breaches often become the target of cybercriminals and phishing attacks. Similar privacy violations have resulted in fraud, blackmail, and identity theft. As such, JD Sports customers are at high risk of being targeted by cybercriminals.
The retailer appears to have acknowledged the risk as it is advising affected customers “to be vigilant about potential scam emails, calls and texts and providing details on now to report these.”
While a spokesperson for JD Sports has apologised for the incident, and said that protecting customer data is an “absolute priority”, a failure to adopt standard security measures often make such attacks possible. If JD Sports did not have adequate protections in place, it must be held responsible for any loss or distress experienced by its customers because of this breach.
Keller Postman UK has launched an investigation to find out what happened and how this breach affects JD Sports customers. If you are an JD Sports customer, and you made an online order during the data breach period, register below to receive updates on our investigation.
If we uncover that poor security processes led to customer information being compromised, we will launch a data breach group action to help affected customers in England & Wales claim compensation for the security failures.