(Reuters) – British sports and fashion retailer JD Sports Fashion was the victim of a cyber attack that compromised customer data related to historic online orders, it said on Monday.
The group said the data affected was “limited” as it does not store full payment card details and does not believe account passwords were accessed.
The attack affected online orders from brands JD, Size?, Millets, Blacks, Scotts and MilletSport between November 2018 and October 2020.
JD Sports said the information accessed included the name, billing address, delivery address, email address, telephone number, order details and last four digits of payment cards of around 10 million customers.
The group has apologized to customers and is contacting those affected to advise them to be alert to the risk of fraud and phishing attacks.
It is also investigating the incident, working with cyber security experts and liaising with the UK’s Information Commissioner’s Office (ICO), which is responsible for the country’s data protection.
Cyber attacks on British companies are becoming more common.
Earlier this month, Royal Mail’s export services were severely disrupted in what was described as a “cyber incident”.
(Reporting by Abby Jose Koilparambil in Bengaluru and James Davey in London; Editing by Rashmi Aich and William James)