em360tech image

JD Sports has warned that 10 million customers may have had their addresses, phone numbers and email addresses seized by hackers after a large-scale cyber attack struck the retailer. 

The breach resulted in unauthorised access to a system that contained customer data from orders placed between November 2018 and October 2020, impacting brands including JD, Size?, Millets, Blacks, Scotts and MilletSport.

In an email to customers, the sportswear retailer urged customers to “be vigilant,” but assured that the “affected data is limited” and did not include payment details or account passwords. 

“We were the target of an attack that has resulted in unauthorised access to a system that contained historic customer data,” the fashion retailer explained.

JD Sposaid it has taken the “necessary immediate steps” to respond to the incident, but warned customers to “be on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands.”

“Our security team responded quickly and there has been no subsequent unauthorised access to the server.” We are engaging with the relevant authorities, including the Uk’s Information Commissioner’s Office (ICO), as necessary.”

UK Enterprises in Chaos

The attack on JD Sports comes a week after Royal Mail was finally able to resume international deliveries after a ransomware attack left its delivery service in chaos. 

Attacks on UK enterprises have surged in recent months, with some of the largest and well-respected corporations and critical public services being infiltrated by hackers.

Last Summer, the UK’s National Health Service (NHS) was hit by a large-scale ransomware attack that destroyed key medical systems and forced doctors to keep patient records on pieces of scrap paper. 

Experts have warned that the UK government needs to do more to ensure that public services and large corporations are protecting the data of their customers. 

Ricard Staynings, Chief Security Strategist at Cylera, said in response to the Royal Mail attack: “Robust cyber-defence is critical to any key national industry, but as we have seen in the UK over the past few years, critical industries seem to be constantly attacked and damaged, suggesting that the UK government is not taking cybersecurity seriously enough.” 

“When a critical infrastructure industry is disrupted or attacked, its impact travels far, affecting many other businesses and individuals. For this reason, these industries are supposed to be afforded extra levels of protection by the government,” he added.

The UK's surge in cybercrime 

Like the rest of the world, cyberattacks on British businesses have become increasingly prevalent as fraudsters launch more sophisticated attacks and security teams struggle to keep up with the rapidly changing threat landscape. 

According the CyberEdge 2022 Cyberthreat Defense Report (CDR), over 80 per cent of UK businesses fell victim to cyberattacks in 2022, and the number is expected to rise this year. 

Online shopping platforms like JD Sports were the single biggest source of fraudulent activity in terms of the number of cases in 2020, with 67,400 cases and £103 million stolen that year. 

JD Sports said that the financial details of its customers were not stolen by the attack as they were stored in the company’s systems. Customers of other shopping websites were not so fortunate.

In its 2022 Fraud and Cybercrime Report, Money.co.uk found that criminals are stealing larger sums of money in each fraud, with a total of £4 billion being stolen in the space of a year. 

“Cybercrime has been dominating the headlines over the past two years as fraudsters are becoming more sophisticated in their attacks, the report summary wrote. 

“Successful criminals are stealing hundreds of thousands of pounds from just a single intrusion in some cases,” it added.

To read more about cybercrime, visit our dedicated Business Continuity Page.