Customer data filtered at JD Sports

JD Sports, a retailer of sportswear, has suffered a cyber-attack that resulted in unauthorised access to a system containing customer data relating to online orders placed between 2018 and 2020.

The leaked information, which affects several of the group's brands, contains data such as name, billing address, delivery address, email, telephone number, order details and the last four digits of the payment cards of approximately 10 million unique customers.

The company has brought the incident to the attention of the relevant authorities, including the UK Information Commissioner's Office (ICO), and is investigating it with the help of external specialists.