JD Sports, a British sportswear store, revealed on Monday that a hack that started a decade ago exposed the data of roughly 10 million distinct consumers.
The company says that the "attack" compromised customer data for orders placed between November 2018 and October 2020 in data breach notices shared by affected customers.
The Data Breach Can Result In Bigger Attacks Against Compromised Individuals
According to JD Sports, it discovered the unauthorized access right away and acted rapidly to protect the compromised server, thwarting further attempts to get access.
The chain stated on Monday that the incident entailed unauthorized access to a system that contained the following information, according to Bleeping Computer:
Full name
Billing details
Delivery address
Email address
Phone number
Order details
Four final digits of the payment card
The retailer said it was getting in touch with affected consumers and alerting them to potential scams after notifying the Information Commissioner's Office about the security incident.
With this, it is important to note that the exposed individuals could be the target of phishing or social engineering attempts using this information.
"We are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks," claims the incident report.
This requires keeping an eye out for any erroneous or strange communications that may appear to be coming from JD Sports or one of their group brands.
According to JD Sports, it is impossible for comprehensive financial information to have been compromised because it does not keep full payment card details for online orders.
Despite this, the company said it has no evidence to assume account credentials were accessed, and the same is true of credit card numbers.
Read More: League Of Legends Developer Riot Games Refuses To Pay Ransom Demand From Hackers
The Retailer Has Coordinated With Authorities Regarding The Incident
The company posted a notification on the portal of the London Stock Exchange and informed the authorities about the security incident.
The notice explained that the security incident also impacted the company's sub-brands JD, Size?, Millets, Blacks, Scotts, and MilletSport, The Guardian details.
"We are continuing with a full review of our cybersecurity in partnership with external specialists following this incident," JD Sports chief financial officer Niel Greenhalgh says.
Some receivers of the warning questioned JD Sports' choice to keep a historical record of online orders filled more than four years ago, raising the possibility of a data breach.
This month, Royal Mail disclosed that it had been the victim of a ransomware attack by a criminal gang, The Guardian notes.
The hackers reportedly threatened to post the data that had been stolen online, and the company said it was unable to handle international parcel and letter deliveries.
JD Sports was informed that, as a precaution, it would be wise to reset passwords into stronger and more unique ones, and be on the lookout for phishing emails, Bleeping Computer writes.
Related Article: KFC, Taco Bell Parent Company Gets Data Stolen From Ransomware Attack