Personal and financial information has potentially been accessed by hackers after JD Sports was targeted between November 2018 and October 2020.

Fashion retailer JD Sports has today announced that 10 million of its customers may have had their details breach in a huge cyber-attack. The sports retailer has said personal and financial details have potentially been accessed.

The company has said the incident affected some online purchases made by customers between the years of November 2018 and October 2020, with targeted purchases of its JD, Size?, Millets, Blacks, Scotts and Millets Sports brands.

JD Sports has informed the Information Commissioner’s Office about the security breach, and has said it now contacting affected customers, warning them to be vigilant of potential scams.

Below is the email that has been sent out this week:

JD Sports has said that card payment details are safe, but addresses, phone numbers and emails are not.

Its chief financial officer, Neil Greenhalgh, has said:

We want to apologise to those customers who may have been affected by this incident.

We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these.

JD Sports said it had taken the “necessary immediate steps” to investigate and respond to the incident, including working with cybersecurity experts, and to be aware of potential fraud and phishing attacks and “be on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands”.

Increasing Cyber-Attacks

This is the latest in a long string of cyber-attacks that have hit various UK companies in the past few months.

Last Thursday, Royal Mail was able to resume international signed deliveries for business customers after an attack of their own. The parcel delivery firm had warned it had experienced “severe disruption” and was unable to send millions of letters and parcels due to a “cyber incident” by a cell of hackers believed to be linked to Russia.

The Guardian newspaper was also recently subject to a ransomware attack in December after staff’s personal details were targeted in a “highly-sophistcated” cyber-attack.

Experts warn that these attacks could continue to increase as hackers become more sophisticated and as more of our lives are housed online.

Data Breach Compensation

If you believe your data has been stolen after you trusted a business to keep it safe, you may be eligible for thousands in data breach compensation.

While many companies will take the appropriate actions to safeguard our data, some will cut corners, leaving them vulnerable to cyberattacks. If your data has been exposed due to the security failures of an organisation that held your personal details, you have a right to claim data breach compensation for your suffering.

If your private information has been stolen, misused, disclosed to third-parties without your permission, or lost, and you have suffered financial loss or distress, then you may be eligible to claim.

Examples of data breaches include:

• Bank details being stolen via a cyber attack
• Private details being used for fraud or identity theft
• Names and addresses of customers appearing online
• Names and addresses of those who have signed up to sensitive websites, such as dating sites, being exposed
• Medical details being wrongly distributed
• Personal details being distributed in a group email

Compensation for a GDPR infringement occurs where there has been a significant breach of your data and you wish to file a claim for the suffering it has caused.

Typical data breach compensation claims, like the leaking of your name, date of birth, home address, and email address, can equate to £900-£2,000. For more serious breaches, such as medical information or financial information being divulged, this figure may rise to £8,000.

Find out today if you are eligible by getting in touch on the form below.