SHOPPERS are being warned after a major high street shop was the target of a cyber attack, leaking customer details.
Around ten million JD Sports customers might have had their personal information leaked online including their names, addresses, and phone numbers.
Shoppers are being warned after JD Sports was the target of a cyber attack
The high street retailer says it has taken “immediate steps” to investigate and respond to the unauthorised incident.
Hackers accessed a system which contained information on orders placed between November 2018 and October 2020 by JD Sports customers, the company said.
The impacted brands include JD, Size?, Millets, Blacks, Scotts and MilletSport.
Neil Greenhalgh, chief financial officer of JD Sports, said: “We want to apologise to those customers who may have been affected by this incident.
“We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these.
“We are continuing with a full review of our cyber security in partnership with external specialists following this incident.”
JD Sports says it does not hold full payment card data and has “no reason to believe” that account passwords were accessed.
The information that may have been accessed includes:
NameBilling addressDelivery addressEmail addressPhone number Order detailsFinal four digits of payment cards
Affected customers are being contacted directly and are being advised to be vigilant about potential scam emails, calls or texts.
Virgin Media customers were previously told to change their passwords following a data breach, which left 900,000 customers unsecured.
Millions of EasyJet customers also had their personal details stolen in a data breach, leaving some eligible for compensation.
British Airways previously agreed to pay compensation to some customers who were victims of a data breach.
It’s too early to say if JD customers will be able to get compensation.
What to do if you’re affected
Thieves may use your personal details to target you with emails, texts and calls.
If you receive any emails asking you for personal or financial details, forward them to the Suspicious Email Reporting Service (SERS): [email protected].
Keep an eye on your bank accounts for any unusual activity. If you notice any unauthorised transactions, notify your bank or card company.
You may also get suspicious phone calls and emails asking for further information.
Do not hand over your details and check with your bank to see how they will contact you if they need extra information from you.
If you have been affected, it’s a good idea to change your passwords on your JD account and also your online bank accounts.
If you have been a victim of cyber crime, contact Action Fraud.
Can I get compensation as a result of the hack?
GDPR gives consumers the right to claim compensation for data breaches like this but only if you suffer damage as a result, for example, you lost money.
Solicitors Leigh Day state the amount of compensation you could receive if you’re the victim of a data breach depends on the exact circumstances relating to the breach, including:
Sensitivity of the information stolenHow many people accessed your informationLength of time between the breach occurring and being informedHow long unauthorised access to the data was / is availableAnxiety and emotional distress encounteredAny financial losses experienced
How to keep yourself safe from hackers and scammers
There are steps you can take to protect yourself from scams.
Make a ‘strong’ password with eight or more characters and a combination of upper case characters, numbers and symbols.
You should also use different passwords for different sites.
Don’t click on dodgy email links claiming to be from banks.
Only shop online on secure sites and don’t store your card details on websites.
Do you have a money problem that needs sorting? Get in touch by emailing [email protected]