Data security in the wake of the JD Sports data breach

14 March 2023

On 30th January 2023, leading trainer and sports fashion retailer JD Sports advised over 10 million of its customers that it had experienced a data breach following a cyber attack in which its servers were  accessed by a third party hacker.

The attack involved the personal data of customers who had placed orders with JD Sports as well as other JD Sports group companies, such as Millets, MilletSports, JD and Blacks between 2018 and 2020. The information included its customers’ names, telephone numbers, email addresses, home addresses and last 4 digits of the card used for the payment.

Unfortunately, breaches of this nature are now common.

In 2022, a report conducted by IBM  found that 83% of organisations experienced a data breach, with 45% of these breaches being  cloud-based. Data breaches are serious and even a relatively small one can have a devastating effect on a company if it is not handled properly.

Adverse effects can reach all corners of a business as these may include claims for compensation and regulatory action as well as reputational damage which can affect the ability to continue trading for a significant period of time, so minimisation of these effects is vital.

Having an understanding of what a data breach is will help identify whether one has occurred. According to the Information Commissioner’s Office (ICO), a data breach is defined as a security incident that has affected the confidentiality, integrity or availability of personal data.

Action must be taken immediately to provide protection and minimise those adverse effects mentioned above. Therefore, identifying whether a breach has occurred should be afforded urgent attention.

Data breaches can be caused in various ways, both deliberate and accidental, but what is most important is the speed and efficiency of the reaction once a data breach has occurred.



In the case of JD Sports, it quickly sought assistance from cybersecurity experts and notified the affected customers before a full investigation had been completed, which remains ongoing. This is not unusual as full and detailed investigations into the cause of data breaches can take months, and initial steps need to be taken in order to ensure best protection for both the data subjects as well as the organisation. In reacting quickly, JD Sports is likely to have reduced the adverse effects of the breach.


Such breaches are not restricted to large commercial organisations and can happen to any business. If you are concerned that you do not have insurance protection in place for cyber attacks, please contact us to discuss the insurance cover available and obtain a quotation.

Click for Quote
WTJ Insurance

Landmark House, 556 Leeds Road,
Outwood, Wakefield, WF1 2DX

Call: 01924 871 111