Posted 30th Jan 2023
Huge data breach after the JD Group was hit by a cyber attack; information below. Funnily enough, I've been getting recent calls, quite an increase actually, from scammers trying to say they're from Amazon, BT, NatWest, Vodafone, PayPal & more.
Sportswear chain JD Sports has said stored data relating to 10 million customers might be at risk after it was hit by a cyber attack.
The company said information that "may have been accessed" by hackers included names, addresses, email accounts, phone numbers, order details and the final four digits of bank cards.
The data related to online orders between November 2018 and October 2020.
JD Sports said it was contacting affected customers.
The group said the affected data was "limited". It added it did not hold full payment card details and did not believe that account passwords were accessed by the hackers.
"We want to apologise to those customers who may have been affected by this incident," said Neil Greenhalgh, chief financial officer of JD Sports. "Protecting the data of our customers is an absolute priority for JD."
The attack related to online orders placed for the JD, Size?, Millets, Blacks, Scotts and MilletSport brands and it is understood it was detected by the company in recent days, but only the historical data was accessed.
The company said it was working with "leading cyber security experts" and was engaging with the UK's Information Commissioner's Office in response to the incident.
Mr Greenhalgh said affected customers were being advised "to be vigilant about potential scam e-mails, calls and texts".
Email being sent out states:
Dear Customer,
We wish to inform you about a security incident involving the data of some customers of JD Group brands who placed orders with us between November 2018 and October 2020. Our records show that you may be affected.
The affected data is limited.
We do not hold full payment card details and we do not believe account passwords were accessed.
However, we want to advise our customers to be vigilant for scam emails, calls and texts.
We take the protection of customer data extremely seriously and we are sorry this has happened.
What happened?
We were the target of an attack that has resulted in unauthorised access to a system that contained historic customer data relating to some online orders placed between November 2018 and October 2020. Our security team responded quickly and there has been no subsequent unauthorised access to this server. We are engaging with the relevant authorities as necessary.
What information is involved?
Only limited information was held on this database consisting of full name, delivery and billing address(es), email address, phone number, final 4 digits (only) of payment card and/or order details.
What you can do
While you do not need to take any specific action, please remain vigilant to fraud attempts and be alert for any suspicious emails, calls or texts which say they are from JD Sports or any of our Group brands. Avoid clicking on links in any unexpected emails or texts.
You can also find helpful information about protecting yourself from phishing scams at the National Cyber Security Centre at ncsc.gov.uk/collection/phishing-scams/spot-scams. If you want to report any suspicious activity to law enforcement, please contact Action Fraud (the UK’s National Fraud and Cyber Crime Reporting Centre) at actionfraud.police.uk.
Please do not reply to this email. If you would like to contact us about this matter, you can email us at Privacy.Support@jdplc.com.
How can I help protect myself?
- A good place to check if your email has been leaked is haveibeenpwned.com/ (keep checking back); see also haveibeenpwned.com/About
- Look out for any weird texts claiming to be from the likes of JD/JD Group, also any strange emails from those pretending to be from your bank and strange delivery links asking for further information. If you are unsure, ring the bank or the retailer DIRECTLY; they should then confirm whether it is a scam or not.
- Be careful about giving personal information away - Some scammers try to get your personal information – for example, the name of your primary school or your National Insurance number. They can use this information to hack your accounts. If you come across sites that ask for this type of information without an obvious reason, check they’re legitimate.
100 Comments
What's their definition of limited? Surely that's everything a customer provided minus the whole card number.
Btw staff in firms look at your details all day long. Your data is at risk from internal and external forces.
Take some precautions yourself, i.e. use an alias email account like DuckDuckGo's one. It's simple to set up and you can still use your usual email provider.
Don't forget the hackers aren't looking for tech-savvy folks' details, they are aiming to ID the easy targets.
Thanks JD
Every company has to hold info for at least 6 years, so these hackers got into this area of the business.
Edit: that's why when stuff like this happens I hate seeing the IT teams taking the brunt of the flak! (edited)
There is even software that can hack any phone, even if you have never received a text or email.
If I can help it, I always use fake details. Why should company xyz have my real DOB?
Sick of JD Sports treating customers this way. Pack up and go bust, JD Sports.
Worded badly but then it is JD. Worded as if saying the breach was 2018-2020 not that it's data from that period
After Just Eat managed to not keep my details safe and I got bit by fraudulent activity, I keep my card frozen for online purchases now using the NatWest app
JD are pathetic, they can't even have an online stock system that's accurate (edited)
The only way I can ever order anything is via Klarna or Clearpay
I never receive order emails but they show in my account and I only know items have been shipped when I get an Evri email
Terrible company
Any no win no fee lawyers for instant money?
They were hit by JD sport 😡😡
Edit: oh never mind, it was older data. (edited)
It was only a small breach just all your details... They really care about data privacy it seems.
It landed in my Gmail spam as it was written in Portuguese!?!?!
The sender address looks suspect, news@email-jdsports.com, but I cannot see any phishing links in the email so no idea what is going on