Britain's JD Sports says customer data accessed by cyber attack

JD Sports logo on exterior of store in London
JD Sports logo is seen on the exterior of a store in London, Britain, November 17, 2021. Picture taken November 17, 2021. REUTERS/May James

Jan 30 (Reuters) - British sports and fashion retailer JD Sports Fashion (JD.L) has been the victim of a cyber attack which saw customer data relating to historical online orders compromised, it said on Monday.

The group said the affected data was "limited", as it does not hold full payment card data and did not believe account passwords were accessed.

The attack related to online orders placed for the JD, Size?, Millets, Blacks, Scotts and MilletSport brands between November 2018 and October 2020.

JD Sports said information that may have been accessed consisted of the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of about 10 million customers.

The group apologised to customers and is contacting those affected to advise them to be vigilant to the risk of fraud and phishing attacks.

It is also investigating the incident, working with cyber security experts and engaging with the UK's Information Commissioner's Office (ICO), the country's data protection watchdog.

Cyber attacks on UK companies are becoming increasingly common.

Earlier this month the Royal Mail's export services were severely disrupted by what it described as "a cyber incident."

Reporting by Aby Jose Koilparambil in Bengaluru and James Davey in London; Editing by Rashmi Aich and William James

Our Standards: The Thomson Reuters Trust Principles.