JD Sports has admitted they experienced a cyber security incident. One of their systems containing customer data related to online orders placed between November 2018 and October 2020 was illegally accessed. The data that may have been accessed includes the names, billing and delivery addresses, email addresses, phone numbers, order details, and the final four digits of payment cards of about 10 million unique customers.

The affected brands are JD, Size?, Millets, Blacks, Scotts, and MilletSport. JD Sports does not hold complete payment card data and has stated they have no reason to believe that account passwords were accessed. The company has taken immediate action to investigate and respond to the incident, including working with leading cyber security experts and engaging with relevant authorities such as the UK Information Commissioner’s Office.

JD Sports said they are proactively contacting affected customers and advising them to be vigilant against potential fraud and phishing attacks. The company is also conducting a full review of its cyber security in partnership with external specialists.