The major sports and fashion chain JD Sports has revealed it has been the victim of a major cyberattack. The firm announced that approximately 10 million customers have had their data exposed as a result of the hack. In a statement to investors, the CFO of JD Sports apologised to customers, and advised them to “be vigilant about potential scam e-mails, calls and texts”.
The statement from JD Sports acknowledges the risks for customers whose data is exposed in a breach of this kind. The impact of a data breach can be long-lasting, with the potential to cause significant financial and emotional consequences. Most importantly, hackers can use the data they steal to acquire further data through elaborate scams and phishing attacks.
As a result, it’s important that data breach victims understand not only how to protect themselves, but also how to claim compensation if they’ve been impacted. In this post, we’ll look more closely at the steps those affected by the JD Sports data breach can take to minimise the impact, as well as how data breach compensation works.
Who was affected by the JD Sports data breach?
The JD Sports data breach was first announced on 30th January 2023, with the company indicating it would be contacting customers whose data has been stolen. It is not clear how long this will take, but JD Sports have specified that the hack affects some of the customers who made online orders between November 2018 and October 2020.
Most concerning is the array of data that has been seized by the hackers. According to JD Sports, hackers may have been able to access the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards for some 10 million unique customers.
The company was eager to stress that they do not hold full payment card details for customers. As a result, it is likely the hackers will not be able to directly make financial transactions using the data stolen. They have also stated that they “have no reason to believe that account passwords were accessed”.
What should you do if you’ve been affected?
Though it is a relief that the hackers were not able to access certain particularly sensitive information during this hack, the data they were able to get their hands on is itself cause for concern. It is still possible that hackers can use this data to access your bank account or other online services through a variety of strategies.
Most significantly, it allows the hackers to impersonate a reliable or trusted organisation in order to solicit further information from you. This strategy is known as phishing, and it can be remarkably effective.
In order to safeguard against these risks, anyone who is concerned they may have been affected by the JD Sports data breach should:
- Change their passwords for online accounts.
- Check with their bank to make sure no suspicious activity has taken place.
- Activate two-factor authentication (2FA) for any services that offer it.
- Be alert to potential scams by phone, text message or email.
These steps will help you to minimise the risks you face as a result of the data breach. However, there can still be significant consequences for victims of a hack like the JD Sports data breach. That’s why it’s important to know that in some cases victims can be entitled to compensation.
Can you claim compensation for a data breach?
Companies that handle personal data have a responsibility under the law to ensure it is properly safeguarded. The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (DPA) 2018 set out the steps that companies must take to keep data safe.
JD Sports has indicated it has been in contact with the relevant authorities about the breach, including the Information Commissioner’s Office (ICO). At present, it’s not clear whether there was a GDPR breach. However, it is worth noting that one of the principles of the GDPR is “integrity and confidentiality”, otherwise known as the security principle. This states that organisations must “ensure appropriate security of the personal data”.
This principle reflects an important point: exposure of your personal data can have major consequences. It can lead to financial losses, reputational damage, and psychological harm, including distress and loss of control.
Thankfully, the UK’s data protection regulations also enshrine the right for victims to claim compensation if their data has not been appropriately treated.
HNK Solicitors can help with your data breach claims
If you have been negatively impacted by a data breach, including the JD Sports hack, it’s important to consider pursuing a data breach compensation claim. Compensation can help to not just offset any financial losses you may have suffered, but also to help you recover from the emotional impact of losing control of your data.
If you have been a victim of a data breach, you should consult an experienced solicitor about the prospect of seeking compensation. Specialist solicitors will be able to review your case in detail and offer you a clear assessment of whether it would be worth pursuing a claim.
At HNK Solicitors, we have extensive experience in helping clients pursue data breach claims. As you can see from our case studies page, we have managed to secure thousands of pounds in compensation for people who have been negatively impacted by a data breach. We offer free, no-obligation consultations to discuss potential claims, so if a company has failed to properly protect your data, get in touch today. Simply fill out our online claim form, call us on 0151 668 0814 or send us an email at firstname.lastname@example.org.