Customers are urged to be wary of fake emails, phone calls, and messages appearing to come from JD Sports or its other companies.
JD Sports is notifying consumers whose personal information may have been compromised due to a cyberattack.
Ten million individuals who placed orders between November 2018 and October 2020 were affected by the problem.
Customers’ names, delivery, billing, email, phone, and last four payment card digits were possibly revealed.
This comprises customers of JD and the group’s Size, Millets, Blacks, Scotts, and MilletSport brands.
The sportswear firm does not believe that account passwords were compromised and has informed affected customers that their complete credit card information was not compromised.
However, they are urged to be wary of fraudulent emails, phone calls, and messages.
In an email to consumers, JD Sports stated. “We take the protection of client data very seriously and apologize for this unfortunate incident.”
JD “working with cyber professionals”
The corporation stated that it is in contact with the United Kingdom’s Information Commissioner’s Office over the hack.
The company noted, “We have taken quick action to investigate and respond to the situation. Including collaborating with top cyber security professionals.”
Following this incident, JD’s chief financial officer, Neil Greenhalgh, stated, “We are continuing our comprehensive evaluation of our cyber security in collaboration with external professionals.”
JD places the utmost importance on the security of its customers’ data.
What should consumers be mindful of?
Scammers will send fraudulent emails, phone calls, and messages alleging to represent JD Sports or its other brands.
Matt Hull, global head of threat intelligence at NCC Group, said such communications are usually poorly crafted.
He encouraged individuals to be wary of “misspelled words, bad grammar, and unusual layout” as indicators that emails and texts may not be real.
“Quite frequently, they will attempt to persuade the individual to click on a link, visit a website, download a file, or submit additional information,” he added.
JD will prioritize determining how the attackers gained access to its network and ensuring that they are no longer there.
Companies concerned about cyber threats must implement strong password policies, permit consumers to use multifactor authentication, and maintain up-to-date security systems.
Mr. Hull warned that this type of information may also end up on criminal forums and marketplaces.
He stated, “This type of information is quite valuable.”
It can be sold and used for other illicit activities.
Just a few weeks ago, a ransomware gang linked to Russia attacked Royal Mail.
It caused more than 500,000 packages and letters to become lost.
Last year, the National Cyber Security Centre warned British businesses and public institutions of “severe” cyber threats.