JD Sports has confirmed that a cyber attack that hit the company between 2018 and 2020 may have exposed the data of 10 million customers.
The company said this in an email sent to users today, Information security.
“We would like to inform you about a security incident involving the data of some customers of the JD Group brand who placed orders between November 2018 and October 2020. According to our records, we may be impacted.” Read your email.
JD Sports said the company was targeted in an attack that resulted in unauthorized access to systems containing historical customer data related to some online orders placed between November 2018 and October 2020. .
“Our security team responded quickly and there was no subsequent unauthorized access to this server. We are coordinating with relevant authorities as necessary.”
The information accessed included full names, shipping and billing addresses, email addresses, phone numbers, the last four digits of payment cards, and/or order details, according to the company.
“While disclosing breaches is the right and necessary thing to do, you can also help hackers by providing customers with password reset emails that trick them into revealing their passwords and payment information.” Founder grip security. “In the future, there may be additional impacts from this breach.”
The breach is relatively old, but Jamie Cameron, Security Consultant adharmaJD Sports customers said they should change their JD Sports account passwords and passwords on all sites that use the same email and password combination to prevent credential stuffing attacks.
“We also need to pay attention to unusual card transactions. Customers should be especially vigilant against phishing attacks,” said Cameron. Information security on mail.
Breach disclosure comes weeks after American fast food restaurant chain Five Guys confirmed another data breach Affect customer data.
