Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Dick’s Sporting Goods Says Sensitive Data Exposed in Cyberattack

The sporting goods retail chain said the incident exposed portions of the its IT systems containing confidential information.

Retail chain Dick’s Sporting Goods has disclosed a cyberattack that potentially resulted in unauthorized access to confidential information.

In a regulatory filing with the Securities and Exchange Commission (SEC), Dick’s Sporting Goods said it discovered unauthorized third-party access to its information systems on August 21. The breach exposed portions of the company’s IT systems containing confidential information.

The company said it immediately activated its cyber response plan and engaged with security experts to investigate, isolate, and contain the attack. “The company has no knowledge that this incident has disrupted business operations,” it said.

While an investigation is ongoing, the retail chain said it did not believe that the attack was material. Federal law enforcement has been notified.

What Dick’s Sporting Goods did not say was how the attackers gained access to its network, whether personal information was stored on the compromised systems, and whether any threat actor attempted to extort it following the attack.

SecurityWeek has not seen any known ransomware groups claiming responsibility for the attack.

Given the company’s description of the incident, it is likely either that the attackers were not part of a ransomware group or that its security team discovered the intrusion before file-encrypting malware could be deployed.

SecurityWeek has emailed Dick’s Sporting Goods for additional information on the attack and will update this article as soon as a reply arrives.

Advertisement. Scroll to continue reading.

Founded in 1948, the retailer operates over 850 Dick’s Sporting Goods, Golf Galaxy, Public Lands, Moosejaw, Going Going Gone! and Warehouse Sale stores, an online store, a mobile app, Dick’s House of Sport and Golf Galaxy Performance Center, and mobile live streaming platform GameChanger.

Related: Cloud Misconfigurations Expose 110,000 Domains to Extortion

Related: Oil Giant Halliburton Confirms Cyber Incident, Details Scarce

Related: Staples Confirms ‘Cybersecurity Risk’ Disrupting Online Stores

Related: Extortionist Hacker Group SnapMC Breaches Networks in Under 30 Mins

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

More People On The Move

Expert Insights