JD Sports cyberattack compromises 10M customers

SiliconAngle reports that nearly 10 million customers of U.K. retailer JD Sports Fashion had their data stolen after a hack of its systems, impacting its JD, Blacks, Millets, MilletSport, Size?, and Scotts brands. Threat actors behind the attack were able to infiltrate a JD Sports system with customer information on certain online orders from November 2018 to October 2020, allowing access to customers' names, phone numbers, billing, delivery, and email addresses, order information, and payment cards' last four digits. JD Sports has already sought cybersecurity experts to help in responding to the incident as well as warned customers to be mindful of possible email scams arising from the attack. While an investigation on the cause of the data theft is underway, Next DLP Security Strategist Chris Denbigh-White noted that the incident was primarily caused by a misconfigured database, referencing a tweet from security researcher @0xyzqt. "This incident highlights the critical importance of robust database security measures and the consequences when these measures fail (or are absent), including data breaches and unauthorized access to sensitive information," said Denbigh-White.