JD Sports could be fined £17.5m after data breach
JD Sports could face fines of up to £17.5m or even more after 10 million customers had their data leaked following a cyber-attack.
The retailer said the incident had affected customers who had placed orders between November 2018 and October 2020 and targeted purchases of products from its JD, Size?, Millets, Blacks, Scotts and Millets Sport labels.
JD Sports has since notified the Information Commissioners Office.
“We want to apologise to those customers who may have been affected by this incident,” said JD Sports chief financial officer Neil Greenhalgh.
“We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these”, he added.
Jonathon Compton, a partner at law firm DMH Stallard, said that JD Sports can expect fines under Part 6 of the Data Protection Act 2018: “The higher maximum amount is £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher”, he said.
Jamie Cameron, security consultant at Adarma, said: “JD sports customers should change their passwords for their JD Sports account and any site that they use the same email password combination on to prevent credential stuffing attacks. They should also keep an eye out for any unusual card transactions. Customers should be especially vigilant against phishing attacks.”