Data Breaches

Dick’s Sporting Goods Says Sensitive Data Exposed in Cyberattack

The sporting goods retail chain said the incident exposed portions of the its IT systems containing confidential information.

Published

The sporting goods retail chain said the incident exposed portions of the its IT systems containing confidential information.

Retail chain Dick’s Sporting Goods has disclosed a cyberattack that potentially resulted in unauthorized access to confidential information.

In a regulatory filing with the Securities and Exchange Commission (SEC), Dick’s Sporting Goods said it discovered unauthorized third-party access to its information systems on August 21. The breach exposed portions of the company’s IT systems containing confidential information.

The company said it immediately activated its cyber response plan and engaged with security experts to investigate, isolate, and contain the attack. “The company has no knowledge that this incident has disrupted business operations,” it said.

While an investigation is ongoing, the retail chain said it did not believe that the attack was material. Federal law enforcement has been notified.

What Dick’s Sporting Goods did not say was how the attackers gained access to its network, whether personal information was stored on the compromised systems, and whether any threat actor attempted to extort it following the attack.

SecurityWeek has not seen any known ransomware groups claiming responsibility for the attack.

Advertisement. Scroll to continue reading.

Given the company’s description of the incident, it is likely either that the attackers were not part of a ransomware group or that its security team discovered the intrusion before file-encrypting malware could be deployed.

SecurityWeek has emailed Dick’s Sporting Goods for additional information on the attack and will update this article as soon as a reply arrives.

Founded in 1948, the retailer operates over 850 Dick’s Sporting Goods, Golf Galaxy, Public Lands, Moosejaw, Going Going Gone! and Warehouse Sale stores, an online store, a mobile app, Dick’s House of Sport and Golf Galaxy Performance Center, and mobile live streaming platform GameChanger.

Related: Cloud Misconfigurations Expose 110,000 Domains to Extortion

Related: Oil Giant Halliburton Confirms Cyber Incident, Details Scarce

Related: Staples Confirms ‘Cybersecurity Risk’ Disrupting Online Stores

Related: Extortionist Hacker Group SnapMC Breaches Networks in Under 30 Mins

In this article:,

Related Content

Ransomware

Malware & Threats

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

The attackers deployed a new Go-based backdoor that uses Microsoft Teams servers for command-and-control.

2 days ago

Ransomware

Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer

Mackay Sugar was targeted in a cyberattack carried out by a threat group known as The Gentlemen.

4 days ago

Cybercrime

Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges

Oleksii Oleksiyovych Lytvynenko admitted to working on the development of a loader for the Conti gang.

4 days ago

Ransomware

Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks

The authentication bypass vulnerability allows attackers to establish VPN connections without a valid password.

June 9, 2026

Ransomware

Silent Ransom Group Uses DNS Fast Flux in Attacks

Focusing on hacking law firms in the US, the ransomware group relies on fast flux to hide its C&C infrastructure.

June 8, 2026

Data Breaches

American Lending Center Data Breach Affects 123,000 Individuals

The non-bank lender discovered a ransomware attack nearly one year ago, but only recently completed its investigation.

May 15, 2026

Data Breaches

Foxconn Confirms North American Factories Hit by Cyberattack

The Nitrogen ransomware group claims to have hacked the company’s systems, stealing 8TB of data, including confidential documents.

May 13, 2026

Data Breaches

West Pharmaceutical Services Hit by Disruptive Ransomware Attack

The company took systems offline globally after hackers exfiltrated data and deployed file-encrypting ransomware.

May 12, 2026

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version