JD Sports Fashion Plc, the parent company for Finish Line, Shoe Palace and DTLR, among others, has been the target of a cyber incident that resulted in unauthorized access to a system that contained customer data relating to online orders placed between November 2018 and October 2020. The affected JD Sports group brands are JD, Size?, Millets, Blacks, Scotts, and MilletSport. The U.S.-based brands were not mentioned in the advisory from JD.
The company said that the affected data is limited. JD Sports does not hold full payment credit card data and has no reason to believe that account passwords were accessed.
The information that may have been accessed consists of the name, billing address, delivery address, email address, phone number, order details, and the final four digits of payment cards of approximately 10 million customers.
“We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts,” JD said in their alert. “We are engaging with the relevant authorities, including the UK’s Information Commissioner’s Office, as necessary.”
JD said it is proactively contacting affected customers so that it could advise them to be vigilant to the risk of fraud and phishing attacks; this includes being on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of its group brands.
“We want to apologize to those customers who may have been affected by this incident,” said company CFO Neil Greenhalgh. “We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these. We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.”
