Data of 10m customers may have been stolen in JD Sports hack

The breach affected the brands JD, Size?, Millets, Blacks, Scotts and MilletSport.

August Graham
Monday 30 January 2023 10:41 GMT
Shoppers who ordered goods from the company between 2018 and 2020 might have been hit by the hack (Nicholas T Ansell/PA)
Shoppers who ordered goods from the company between 2018 and 2020 might have been hit by the hack (Nicholas T Ansell/PA) (PA Wire)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

JD Sports has warned that around 10 million people might have had their addresses, phone numbers and email addresses among other things stolen in a hack that hit the retailer.

The business said payment card details were safe, and that it has no reason to think the hackers have accessed users’ passwords.

Hackers accessed a system which contained information on orders placed between November 2018 and October 2020 by JD Sports customers, the company said.

The impacted brands include JD, Size?, Millets, Blacks, Scotts and MilletSport.

We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks

JD Sports

The intruders could have gained access to billing, delivery and email addresses, full names, phone numbers, details of orders that customers have placed, and the final four digits of their payment cards.

JD warned customers to be vigilant against any potential fraudsters who could use this information to target shoppers, and convince the customers that they are calling, emailing or texting from JD.

“We want to apologise to those customers who may have been affected by this incident,” said chief financial officer Neil Greenhalgh.

“We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these.

“We are continuing with a full review of our cyber security in partnership with external specialists following this incident.

“Protecting the data of our customers is an absolute priority for JD.”

The business said that it would proactively contact customers whose data might have been taken in the breach.

It is the latest in a series of recent high-profile cyber attacks on British companies.

Last Thursday, Royal Mail was able to resume international signed deliveries for business customers.

The company had been forced to withdraw some overseas delivery options after being hit by what was reportedly a ransomware attack.

JD Sports said on Monday: “We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts.

“We are engaging with the relevant authorities, including the UK’s Information Commissioner’s Office (ICO), as necessary.

“We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks.

“This includes being on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in