JD Sports has warned customers to be vigilant after it was targeted in a cybersecurity hack, which may have exposed its data to fraudsters.

JD Sports Piccadilly Circus video advert

JD Sports is working with cybersecurity experts to respond to the incident

The sportswear retailer said it has taken “immediate steps” to respond to a security breach concerning customer data from shoppers who placed online orders across the JD Sports, Size?, Millets, Blacks, Scotts and MilletSport brands between November 2018 and October 2020.

The retailer described the data breach as “limited” as it does not hold full payment card data and has no reason to believe account passwords were accessed. However, shoppers’ billing and delivery addresses, email addresses, phone numbers, order details and the final four digits of their payment cards may have been collected by hackers. 

The breach is thought to impact around 10 million customers and the retailer said it is working with leading cybersecurity experts and the relevant authorities to investigate and respond to the incident. 

JD Sports chief financial officer Neil Greenhalgh said: “We want to apologise to those customers who may have been affected by this incident.

“We are advising them to be vigilant about potential scam emails, calls and texts, and providing details on how to report these.

“We are continuing with a full review of our cybersecurity in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.”

  • Get the latest fashion news and analysis straight to your inbox – sign up for our weekly newsletter