JD Sports: 10 million customers affected by cyber attack

Data stolen could include, names, addresses, emails phone numbers and the last four digits of bank card numbers

High street clothing retailer JD Sports says it was hit by a cyber attack that could have affected up to 10 million online customers.

The attack is believed to have occurred in recent days, but information that may have been accessed by hackers is more than two years old. It includes records of online transactions between November 2018 and October 2020.

Names, addresses, emails, phone numbers, order details and the last four digits of bank cards may have been stolen, according to the company. Affected customers are being informed. The company is advising customers to be on their guard against identity theft and spamming.

JD Group brands affected are JD Sports, Size?, Millets, Blacks, Scotts and MilletSport.

Neil Greenhalgh, CFO at JD Sports, said: "We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these.

"We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD."

In a press release, the company said:

"We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts. We are engaging with the relevant authorities, including the UK's Information Commissioner's Office (ICO), as necessary.

"We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks. This includes being on the look-out for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands."

We have contacted JD Group for comment.