JD Sports Hack Highlights UK Cyber Security Concerns



Fancy a firewall, mate?

Manchester-based retailer JD Sports is the latest victim in a string of cyber attacks on major UK entities this month. So far, hackers have descended upon retail, postal delivery, fast food, and news outlets.

Of Many Black Hats

On Monday, JD Sports announced that the data of 10 million customers — including names, addresses, emails, phone numbers, and the last four digits of payment cards — were exposed in a recent cyberattack. The company said it doesn’t save full payment info and that there is no reason to believe customers’ online passwords have been obtained. So for now, patrons can rest easy.

The hack might have limited effects on JD’s bottom line. People still need a place to get their Air Jordans, and the company expects to surpass $1 billion in sales for the first time next fiscal year, but the pilfering speaks to growing concern over cyber attacks in the UK. Though not quite fire sale territory, it appears hackers are diversifying their victims:

  • Royal Mail was hacked in mid-January, causing severe disruptions to its international shipping operations and exacerbating the fallout of ongoing staff strikes that had already cost the company more than $200 million. Small businesses and online merchants were hit the hardest, with one jeweler telling the Financial Times she lost “hundreds of pounds” refunding customers who never received their orders. Though not 100% confirmed, some believe the attack was carried out by LockBit, a presumably Russian hacker group that specializes in ransomware.
  • Just last week, a similar ransomware attack on the fast food industry forced the shutdown of 300 KFCs, Taco Bells, and Pizza Huts across the UK. Luckily, parent company Yum Brands was able to contain and thwart the hack, and the stores reopened the next day.

Gone Phishin’: In 2022, the UK was hit by the third most cyber attacks, right after Canada and the US, according to NordLocker. The UK National Cyber Security Centre has warned that more spear-phishing scams from Russian and Iranian state-sponsored groups are likely to come. Spear-phishing is a very targeted form of cyber attack, often involving emails that appear to be from people or businesses you’re familiar with. It’s slightly more clever than the old Nigerian Prince scam. A word of advice: if your “boss” sends you an odd email asking you to open a link and enter sensitive information, don’t do it. Your real boss will thank you for keeping the company out of harm’s way.