JD Sports targeted by cyber criminals

UK sports retailer JD Sports Fashion has become the latest high-profile target of a cyber- attack which has seen customer data relating to historical online orders compromised, it said.

The group said the affected data was “limited”, as it does not hold full payment card data and did not believe account passwords were accessed.

The attack related to online orders placed for the JD, Size?, Millets, Blacks, Scotts and MilletSport brands between November 2018 and October 2020.

JD Sports said information that may have been accessed consisted of the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of about 10 million customers.

The group apologised to customers and is contacting those affected to advise them to be vigilant to the risk of fraud and phishing attacks.

It is also investigating the incident, working with cyber security experts and engaging with the UK’s Information Commissioner’s Office (ICO), the country’s data protection watchdog.

The attack on JD Sports follows similar high-profile attacks which have made the headlines in recent weeks, including one on the UK’s Royal Mail, which said on 11 January it was facing severe disruption to its export services following a cyber attack.

Meanwhile in the US, online sales specialist Ticketmaster was hit by a cyber-attack in November that it says led to the problems with ticket sales for Taylor Swift’s upcoming US tour.

Speaking to a congressional committee recently, the president of its parent company Live Nation said that a massive influx of traffic on the Ticketmaster website caused the slowdown in ticket sales.

Significantly, according to Joe Berchtold,  part of that was due to a cyberattack, Joe Berchtold, president of Ticketmaster parent company Live Nation, said.

During the Swift concert sales, Ticketmaster was “hit with three times the amount of bot traffic than we had ever experienced, and for the first time in 400 Verified Fan on-sales, they came after our Verified Fan access code servers,” Berchtold said.