Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide

Security

JD Sports suffers cyber security attack

JD Sports Fashion Plc (JD Sports) has been the target of a cyber incident which resulted in the unauthorised access to a system that contained customer data relating to some online orders placed between November 2018 and October 2020.

Image copyright Shutterstock

The details of 10 million customers of the affected JD Sports group brands - JD, Size?, Millets, Blacks, Scotts and MilletSport - could have been taken.

The affected data is limited, as JD Sports does not hold full payment card data and, further, has no reason to believe that account passwords were accessed. The information that may have been accessed consists of the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of approximately 10 million unique customers.

Advertisement
ODU RT

JD Sports says it has taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts. It is engaging with the relevant authorities, including the UK's Information Commissioner's Office (ICO).

It is also in the process of proactively contacting affected customers so that it can advise them to be vigilant to the risk of fraud and phishing attacks. This includes being on the look-out for any suspicious or unusual communications purporting to be from JD Sports or any of its group brands.

Neil Greenhalgh, Chief Financial Officer of JD Sports, said: "We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these. We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD."

Marijus Briedis, cybersecurity expert at NordVPN, commented: “The scale of the JD Sports attack is hugely concerning and will have millions of online shoppers fearing that they’re in the cross hairs of hackers.

Advertisement
ODU RT

“While no customer passwords are believed to have been compromised, the breadth of information that has been stolen, from email addresses to phone numbers, could make it a very lucrative raid. Details like this are in high demand on the dark web, where knowing the last few digits of a person’s credit or debit card could be the foundation of a future phishing scam.

“As the customer data that has been targeted dates back to orders placed several years ago it could be that it was stored separately to live transactions. In the wake of the pandemic many businesses have introduced new cloud-based methods of storage, making them accessible remotely and less reliant on physical infrastructure like external drives.

“While the rush to the cloud is taking place, bad actors are increasingly focusing their sights away from hardware and instead looking for gaps in cloud services to exploit. These could be as simple as keeping the default password on a system account or failing to encrypt the stored data properly.”

 

Advertisement
Babcock LB
NW PRO wins ADS Security Innovation Award

Security Events

NW PRO wins ADS Security Innovation Award

12 March 2025

NW Pro have been announced as the winners of the ADS Security Innovation Award during the Home Office’s Security and Policing Exhibition for their product NexuSec.

NPAS orders seven Airbus H135s

Aerospace Security

NPAS orders seven Airbus H135s

12 March 2025

The UK’s National Police Air Service (NPAS) has selected Airbus Helicopters to supply seven H135 helicopters as the initial phase of its fleet renewal programme.

ADS releases its Security and Resilience Outlook 2025

Security

ADS releases its Security and Resilience Outlook 2025

11 March 2025

The latest data from ADS highlights that turnover in the Security and Resilience Sector reached £24 billion in 2024, representing growth of 176% from a decade earlier.

SIA consults on proposed licence applications criteria

Security

SIA consults on proposed licence applications criteria

11 March 2025

The Security Industry Authority (SIA) has today launched a consultation on changes it is proposing to make to its licensing criteria.

Advertisement
ODU RT
HMP Highpoint expanded to create UK

Security

HMP Highpoint expanded to create UK's largest public sector jail

10 March 2025

More dangerous criminals will be taken off the streets thanks to a 700-place expansion which will turn a Suffolk jail into the UK’s largest public sector prison.

AAUK relaunches APPGAA for Air Ambulances

Aerospace Security

AAUK relaunches APPGAA for Air Ambulances

7 March 2025

Air Ambulances UK (AAUK) has relaunched the All-Party Parliamentary Group on Air Ambulances (APPGAA), reaffirming its commitment to advocating for the lifesaving work of air ambulance charities across the UK.

Advertisement
ODU RT