North-west retailer reports major cyber attack

North-west sports retailer, JD Sports, has reported that it has been hit by a cyber attack, and is contacting 10 million customers to warn them that their data may have been compromised.

The Bury-based retailer has revealed that customers who placed online orders with the group’s brands, JD, Size?, Millets, Blacks, Scotts and MilletSport, between November 2018 and October 2020 may have been affected by the attack, with perpetrators gaining access to personal details (names and addresses), contact details and the last four digits of bank card numbers.

The retailer is contacting customers directly, and has also reported the breach to data protection regulator, the Information Commissioner’s Office (ICO).

JD Sports chief financial officer Neil Greenhalgh said:

“We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these.

“We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.”

In light of the scale of the breach, Dave Taylor, managing director of Stockport-based IT support specialists, Amshire IT, shared the following advice for businesses that may be concerned about a similar cyber attack affecting them and their customers:

“It’s still too early to know what has actually happened to JD Sports and what people could actually do to protect themselves / their businesses.

“Things to help reduce your risk of a cyber incident include:

• The use of Multi Factor Authentication on all accounts including remote access (VPN’s) for working remotely.
• Invest in getting Cyber Essentials to help give you the foundations to protect against 80% of Cyber breaches.
• Continuously train staff how to look out for threats such as Business Compromise Email or Phishing emails asking.
• To help prevent data leakage look at whitelisting applications and ring fencing all Users, Systems and data using the framework around ZeroTrust which is industry best practise.

“ZeroTrust is something that we’re now rolling out to a number of clients.  The benefit to application whitelisting is that only authorised Applications can run so any untrusted software, including ransomware and malware can’t run by default.”