The Register confirmed that Sports Direct, the UK’s largest sports retail business, was hacked last year and still hasn’t disclosed the incident to its staff.
In the autumn, a hacker broke into the company’s internal systems and accessed personal information of its staff, including names, email and postal addresses, as well as phone numbers.
The attackers exploited known vulnerabilities affecting the unpatched version of the DNN platform used by Sports Direct to host the staff portal.
According to an inside source with knowledge of the data breach, staff data were stored in plain text. Sports Direct discovered the security breach in September; the insider claimed the attacker left their number on the company’s internal website in order to be contacted by the business.
According to El Reg, Sports Direct still has not disclosed the data breach to its staff, although the company filed an incident report with the Information Commissioner’s Office after it became aware of the intrusion.
“A spokesperson for the ICO confirmed to The Register that it was “aware of an incident from 2016 involving Sports Direct” and would “be making enquiries.”” reported The Register.
“Sports Direct workers will be anxious to know what personal details have been hacked in this apparently serious data breach and why they weren’t immediately informed about it by their employer. This is potentially sensitive and personal information.” the Unite assistant general secretary Steve Turner told The Register.
“It’s completely unacceptable that the workers affected appear not to have been informed and the data breach swept under the carpet,”
“We will be immediately approaching the company for answers and further details about the potentially damaging impact of this on our members, as well as details about actions taken to ensure personal data is never compromised again,” the union’s assistant general secretary said. “In the meantime we would urge Sports Direct workers to check their financial records, change passwords and immediately report any suspicious activity.”
What was the reply from Sports Direct?
“We cannot comment on operational matters in relation to cyber-security for obvious reasons. However, it is our policy to continually upgrade and improve our systems, and where appropriate we keep the relevant authorities informed.” said a company spokesman.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.