The UK-based sports fashion retailer JD Sports announced that malicious actors breached its systems and stole data containing the details of ten million customers.
According to reports, the firm said the breach involved a system holding customer data for online orders placed between November 2018 and October 2020. The exposed data could be used in scam attempts.
JD Sports is listed on the London Stock Exchange, and its primary owner is the London-based Pentland Group. The company also runs numerous physical stores worldwide.
It operates more than 3,400 stores in 32 countries, located primarily in the United Kingdom, Ireland, and other parts of Europe. The company has also expanded into the Asia-Pacific region, Canada, and the United States.
Five more brands are affected by the breach aside from JD Sports.
According to a JD Sports notification, the data breach impacts online customers of five sports fashion and outdoor clothing brands. The affected brands are Millets, Blacks, Scotts, MilletSport, and Size?.
The exposed details include names, delivery addresses, billing addresses, phone numbers, order details, email addresses, and the last four digits of customers' payment cards. Fortunately, the exposed data did not include full payment card details.
A JD Sports representative also explained that the company has no evidence that the attackers accessed customers' account passwords. The retailer is warning its customers about scam attempts and unwanted communications from actors impersonating JD Sports.
The data breach notification also revealed that the breach appears to impact users within Great Britain and several other countries.
The company will also face a regulatory question under the GDPR that it will need to address, since the exposed data was already four years old.
Customers should be wary of threats such as scams and phishing attempts, as threat groups will likely acquire the exposed data soon and use it for other malicious purposes.