Sportswear chain JD Sports has said stored data relating to 10 million customers might be at risk after it was hit by a cyber attack.
The company said information that “may have been accessed” by hackers included names, addresses, email accounts, phone numbers, order details and the final four digits of bank cards.
The data related to online orders between November 2018 and October 2020.
JD Sports said it was contacting affected customers.
The group said the affected data was “limited”. It added it did not hold full payment card details and did not believe that account passwords were accessed by the hackers.
“We want to apologise to those customers who may have been affected by this incident,” said Neil Greenhalgh, chief financial officer of JD Sports. “Protecting the data of our customers is an absolute priority for JD.”