JD Sports isn't having a particularly good day, and neither do the sports retailer's customers.
The company said that personal data from 10 million customers "may have been accessed" by hackers, the BBC(opens in a new tab) reported Monday. The data is related to online orders made between November 2018 and October 2020, from JD Sports' brands JD, Size?, Millets, Blacks, Scotts, and Millets Sport. It includes names, addresses, email accounts, phone numbers, order details, and the final four digits of bank cards.
The silver lining, according to JD Sports, is that hackers did not access full payment card details. The company also doesn't believe that account passwords were accessed by hackers.
"We want to apologise to those customers who may have been affected by this incident," said Neil Greenhalgh, chief financial officer of JD Sports. The company said it was contacting customers who may have been affected by the hack, telling them(opens in a new tab) to "be vigilant about potential scam emails, calls and texts."
There's no word on why it took well over a year to discover the hack and make it public.
The UK's Royal Mail(opens in a new tab) was recently hit by a ransomware cyberattack, with hackers threatening to publish stolen customer data online. And just days ago, some 35,000 PayPal users(opens in a new tab) were hit by a cyberattack in which hackers accessed users names, postal addresses, and tax identification numbers, among other data.