JD Sports hack: A reminder to take cyber security seriously


High profile cyber-attacks have dominated the headlines in recent weeks, and JD Sports is amongst the latest big businesses to fall prey to criminals. The sportswear chain has revealed that hackers may have gained access to data relating to 10 million customers, including names, billing addresses, phone numbers and the final four digits of payment cards.


In statement, Chief financial officer Neil Greenhalgh apologised, saying, “We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and [are] providing details on how to report these. We are continuing with a full review of our cyber security in partnership with external specialists.”

Increasing risk

This latest security breach highlights the fact that no business is safe from cyber criminals. Other recent incidents include attacks on both the Royal Mail and The Guardian, which was subject to a ransomware hack in December.


And for every cyber breach that hits the headlines, there will be numerous attacks on SMEs that don’t make the news. Research suggests almost four in ten UK companies have suffered a cyber incident in the last year alone, but SME’s often lack the knowledge and resources to protect themselves. During these harsh economic times we know how easy it is for cyber-security to slip through the net, but for many businesses, it’s not a case of ‘if’ an attack will happen, it’s a case of ‘when.’


“It is vital that every organisation take cyber security seriously as more and more business is done online and we live in a time of increasing cyber risk,” said MP Julia Lopez, who has urged companies to take preventative action. “No matter how big or small your organisation is, you need to take steps to improve digital resilience now.”

Fraud and phishing

Although limited information is known about the incident at JD Sports, the company has revealed that the affected brands included JD, Size?, Millets, Blacks, Scotts and MilletSport. The hack resulted in unauthorised access to a system containing customer data relating to some online orders placed between November 2018 and October 2020. This data could be used for phishing or social engineering attacks against affected individuals.


In a statement to the London Stock Exchange, JD Sports said, “We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts. We are engaging with the relevant authorities, including the UK’s Information Commissioner’s Office (ICO), as necessary.

“We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks. This includes being on the look-out for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands.”

The last few years have seen a shock increase in the levels of cyber-crime. And while many SME’s mistakenly believe they are not big enough to be of interest to hackers, everyone is a potential victim. In fact, smaller businesses are often viewed as easier targets, partly because their cyber defence budgets are lower. Ultimately, it is more vital than ever to keep your data safe from hackers, and that means proper planning and preparation.


Be vigilant

One of the “consistent lessons” that emerged from the government’s Cyber Security Breaches Survey was the importance of staff vigilance. Scammers often use social engineering techniques to gain access to a company’s network, and weak passwords provide an easy route into your data. Consider implementing a company policy on strong password practices, or install a password manager. This cost-effective software generates complex passwords that access your network and store them in an encrypted database.

Keep on top of updates

They may be frustrating at times, but ignore software and app updates at your peril. These are specifically designed to include security upgrades, which patch weaknesses that can be exploited by cyber-attackers. Outdated software is a treasure-trove for criminals and has been linked to some of the most prolific malware attacks.


Invest in anti-virus software

When it comes to anti-virus software, it pays to invest. Without it, your computers and mobile devices are vulnerable to viruses or malware, so don’t cut corners.


Cyber-security is a notoriously thorny issue and we appreciate it can be difficult to know where to start, but this is why we are here to help. Our aim is to turn cyber complexity into cyber confidence, so why not contact us now for a free, 30-minute consultation. We’ll help your business grow safely.


At the end of November, the UK government introduced their new, updated Product Security and Telecommunications Infrastructure Bill (PTSI).
Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common online threats!
A guide to start by taking cybersecurity seriously.
Paddy Bradley MBE talks about his responsibility in ensuring that the Business Cyber Centre (BCC) is a success.