JD Sports, a British sportswear chain, reported “unauthorized access” to a customer database on January 30, 2023. “The information that may have been accessed was the name, billing address, delivery address, email address, telephone number, order details, and the last four digits of payment cards of approximately 10 million unique customers,” the group said.
This data relates to purchases made between November 2018 and October 2020 from the brands JD, Size?, Millets, Blacks, Scotts, and MilletSport. The company points out that it does not have the full banking information of its customers, and says that no passwords appear to have been exposed.
On the other hand, the group warns about the risks of phishing or fraud induced by this data leak. Therefore, it invites its customers to be wary of “any suspicious or unusual communication supposedly coming from JD Sports or one of our group’s brands“.
JD Sports said it is working with the authorities, in particular the Information Commissioner’s Office (ICO), the British equivalent of the Cnil. “Following this incident, we are continuing a comprehensive review of our cybersecurity in partnership with external specialists. Protecting our customers’ data is a top priority for JD Sports,” said Neil Greenhalgh, group finance director.