JD Sports Data Breach

It has been reported in the media that JD Sports have suffered a cyber incident, where reports suggest that 10 million customer records have been part of a data hack. Detail of the records that have been affected include;

1. Names

2. Billing and delivery addresses

3. Phone numbers

4. Order details

5. The final four digits of payment cards

The incident is still being investigated and it is still unclear as to what happened, JD Sports has notified the Information Commissioner’s Office (UK Data Commissioner) about the breach and they are informing customers to be aware of potential scams.

What is the take away from this?

We still don’t know how this happened and maybe we never will. Aside from training, using the latest technology and keeping all applications patched there are some practical take aways.

1. Understand the types of data that you collect and store (this is part of a “Data Protection Impact Assessment”)

2. When you no longer need data, delete it and practice data anonymisation.

When designing data tables, place additional protections on the more sensitive data types including financial and any “special categories of data”

Want to know more?

For more information on Cybersecurity best practice and how to increase awareness, contact us at cybersecurity@lss.ie or +353 1 8226460