British sports fashion retail firm JD Sports on Monday revealed that it has discovered a data breach impacting roughly 10 million of its customers.
According to the company, the cyber incident affects information provided by customers who placed online orders between November 2018 and October 2020. The JD, Size, Millets, Blacks, Scotts and MilletSport brands are impacted.
Based on the company’s brief description of the incident, it’s possible that hackers stole names, billing addresses, delivery addresses, phone numbers, email addresses, order details, and last four digits of the customers’ payment cards.
There is no indication that full payment card data or account passwords were compromised.
The company has called in external cybersecurity experts to investigate the incident and authorities in the UK have been notified. The investigation is ongoing.
In its statement, JD Sports warned customers that they may be targeted in scams and phishing attacks.
Related: Fashion Retailer Guess Notifies Users of Data Breach
Related: German Privacy Watchdog Investigates Clothing Retailer H&M
Related: Clothing Retailer Fallas Hit by Payment Card Breach