JD Sports is contacting customers who have been affected by a cyber attack that may have exposed their personal details.
The incident impacted 10 million people who placed orders between November 2018 and October 2020.
Customer names, delivery, billing and email addresses, phone numbers, and the last four digits of bank cards were potentially exposed.
It includes people who shopped at JD as well as the group’s Size, Millets, Blacks, Scotts, and MilletSport brands.
The sportswear company does not believe account passwords were accessed, and has assured people affected that their full payment card details were not held.
However, they are being warned to watch out for scam emails, calls, and texts.
In an email to customers, JD Sports said: “We take the protection of customer data extremely seriously and we are sorry this has happened.”
More from Science & TechThe company has said it is engaging with the UK’s Information Commissioner’s Office about the attack.
“We have taken the necessary immediate steps to investigate and respond to the incident, including working with leading cyber security experts,” the firm added.
AdvertisementNeil Greenhalgh, chief financial officer of JD, said: “We are continuing with a full review of our cyber security in partnership with external specialists following this incident.
“Protecting the data of our customers is an absolute priority for JD.”