JD Sports (among other JD Group entities) has started sending emails to around 10 million customers who placed orders with JD Group brands between Nov 2018 and Oct 2020 notifying them that their data has been compromised.
Apparently, attackers have gained access to the following customer information:
- Full name;
- Delivery and billing address(es);
- Email address;
- Phone number; and
- Final 4 digits of payment card and/or order details.
JD Group cannot yet confirm whether account password details were accessed. They have stated that they do not hold full payment card details.
Guardian article - JD Sports hit by cyber-attack that leaked 10m customers’ data
Hmm why are they even keeping that information for so long…