JD Sports Says Cyber Security Incident Could Expose Data of 10 Million Customers

JD Sports Fashion Plc (JD Sports) was the target of a cyber security incident that could potentially impact about 10 million customers.

The retail giant revealed today that a cyber security incident resulted in “unauthorized access to a system containing customer data.” The data, according to JD Sports, was specific to some online orders that were placed between November 2018 and October 2020. The retailer stated the impacted retail banners were JD Sports, Size?, Millets, Blacks, Scotts and MilletSport.

JD Sports also said the data exposure was limited. The retailer confirmed it “does not hold full payment card data” and it “has no reason to believe that account passwords were accessed.” The information that might have been accessed, according to JD Sports, includes name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of roughly 10 million unique customers.

The retailer said it has taken steps to investigate and respond, which includes working with cyber security experts and relevant authorities, such as the Information Commissioner’s Office in the U.K. The company stated it is contacting affected customers to “advise them to be vigilant to the risk of fraud and phishing attacks” including “any suspicious or unusual communications purporting to be from JD Sports or any of our group brands.”

“We want to apologize to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these. We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD,” Neil Greenhalgh, CFO of JD Sports, said in a statement. 

Major retail and footwear players from Zappos to Saks Fifth Avenue to Under Armour have been impacted by security breaches in the past decade.

JD Sports was a mainstay in athletic industry headlines throughout 2022. To end the year, the retailer announced it sold 15 of its U.K.-based “non-core” fashion businesses to Frasers Group Plc in a deal worth 47.5 million pounds, or $57.6 million. Eight of the brands, according to JD Sports, were completely acquired on the Dec. 19, 2022 sale date, and the remaining seven were expected to close in early 2023.

In August 2022, JD Sports announced that it tapped Régis Schultz to fill its CEO role, and would assume control of the company in September. In September 2022, JD Sports announced it reached a departure agreement with former executive chairman Peter Cowgill, who stepped down from his role in May.

Access exclusive content