JD Sports warned that anyone who made an online purchase between November 2018 and October 2020 from JD, Size?, Millets, Blacks, Scotts or Millets Sports could have been affected.

The retailer has written to customers potentially impacted by the hack, and notified the Information Commissioner’s Office about the security breach.

JD Sports said the affected data is limited as the retailer doesn’t hold full payment card data and it has no reason to believe that account passwords were accessed.

It said the information that may have been accessed consisted of the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of approximately 10 million customers.

Neil Greenhalgh, chief financial officer of JD Sports, said: “We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these.

“We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.”

What should JD Sports customers do?

While customers of the brands affected don’t need to take any specific action, they should remain vigilant to fraud attempts and be alert for any suspicious emails, calls or texts which say they are from JD Sports or any of its brands.

If you get an unexpected email or text purporting to be from JD Sports, you should not click on any links.