Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide

Security

JD Sports suffers cyber security attack

JD Sports Fashion Plc (JD Sports) has been the target of a cyber incident which resulted in the unauthorised access to a system that contained customer data relating to some online orders placed between November 2018 and October 2020.

Image copyright Shutterstock

The details of 10 million customers of the affected JD Sports group brands - JD, Size?, Millets, Blacks, Scotts and MilletSport - could have been taken.

The affected data is limited, as JD Sports does not hold full payment card data and, further, has no reason to believe that account passwords were accessed. The information that may have been accessed consists of the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of approximately 10 million unique customers.

Advertisement
ODU RT 2

JD Sports says it has taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts. It is engaging with the relevant authorities, including the UK's Information Commissioner's Office (ICO).

It is also in the process of proactively contacting affected customers so that it can advise them to be vigilant to the risk of fraud and phishing attacks. This includes being on the look-out for any suspicious or unusual communications purporting to be from JD Sports or any of its group brands.

Neil Greenhalgh, Chief Financial Officer of JD Sports, said: "We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these. We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD."

Marijus Briedis, cybersecurity expert at NordVPN, commented: “The scale of the JD Sports attack is hugely concerning and will have millions of online shoppers fearing that they’re in the cross hairs of hackers.

Advertisement
ADS S &P RT

“While no customer passwords are believed to have been compromised, the breadth of information that has been stolen, from email addresses to phone numbers, could make it a very lucrative raid. Details like this are in high demand on the dark web, where knowing the last few digits of a person’s credit or debit card could be the foundation of a future phishing scam.

“As the customer data that has been targeted dates back to orders placed several years ago it could be that it was stored separately to live transactions. In the wake of the pandemic many businesses have introduced new cloud-based methods of storage, making them accessible remotely and less reliant on physical infrastructure like external drives.

“While the rush to the cloud is taking place, bad actors are increasingly focusing their sights away from hardware and instead looking for gaps in cloud services to exploit. These could be as simple as keeping the default password on a system account or failing to encrypt the stored data properly.”

 

Advertisement
General Atomics LB General Atomics LB
Home Secretary announces major policing reforms

Security Events

Home Secretary announces major policing reforms

21 November 2024

An ambitious programme of reform to policing has been unveiled by the UK's Home Secretary, marking the start of a new partnership between government and policing.

Recruitment bias preventing STEM professionals returning to work

Aerospace Defence Security Space

Recruitment bias preventing STEM professionals returning to work

21 November 2024

Bias in the recruitment system is still preventing talented STEM professionals on a career break from returning to employment, according to a new survey by STEM Returners.

Base Materials

Defence Security

Base Materials' Subtec 11500 first with DNV TAC

20 November 2024

Leicester based Base Materials has become the first syntactic foam subsea buoyancy manufacturer to receive DNV type approval (TAC) on its Subtec 11500 material and Approval of Manufacture (AoM) for the complete range of Subtec materials.

TEKEVER gets €70m funding boost

Defence Security

TEKEVER gets €70m funding boost

20 November 2024

Provider of AI-centric Unmanned Aerial Systems (UAS), TEKEVER, has raised €70 million in a funding round led by Baillie Gifford, the investment manager and early backer of Airbnb, Spotify and SpaceX and the NATO Innovation Fund (NIF), a standalone venture capital fund, backed by 24 NATO allies, that deploys €1 billion in deep tech to advance ...

Advertisement
ODU RT
Allen-Vanguard and Metis Aerospace to deliver advanced counter-drone capabilities

Defence Security

Allen-Vanguard and Metis Aerospace to deliver advanced counter-drone capabilities

18 November 2024

Allen-Vanguard, a provider of customised solutions for defeating Radio Frequency (RF) based terrorist and extremist threats, has entered a strategic collaboration with domain knowledge experts in passive RF detection, Metis Aerospace.

UK and allies warn of cyber attack vulnerabilities

Defence Security

UK and allies warn of cyber attack vulnerabilities

13 November 2024

The UK and international allies issued an alert yesterday, showing an increase in cyber attackers initially exploiting previously unknown vulnerabilities to compromise enterprise networks.

Advertisement
ODU RT 2