Sports Direct yet again under fire after reportedly hiding a data breach that compromised 30,000 employees’ personal data.

Information authorities and security experts are reportedly appalled by the way Sports Direct handled a data breach that happened back in September of last year. Apparently, they never actually told their employees about it, leaving them to find out on the news!

Sports Direct’s internal systems were triggered when the attack occurred in September but, somehow, the company were unaware of it until December. How that information was not automatically relayed to the company seems to be a mystery to all.

What’s more vexing is that the retail company decided against warning their employees just because they didn’t think the data had been copied or shared. In failing to inform the employees, who are the very victims of the hack, they have potentially prevented workers from taking steps to protect themselves from further harm. If Sports Direct had told them, the employees would have been able to look out for phishing emails or other scams, change their passwords, and alert their banks.

The information accessed through the staff portal included:

  • Names;
  • Addresses;
  • Email addresses;
  • Phone numbers;
  • Potentially bank details and National Insurance numbers.

ICO informed

The major UK sports retail company did inform the Information Commissioner's Office of the breach, and have said they will work alongside the authorities and provide relevant information, but it is likely that the incident could cost them a heavy fine. The ICO has started making enquiries and investigations, and will be taking into account that the information was on an unpatched system as well as the data itself being unencrypted.

Encryption is the most basic level of cybersecurity and is effective in hiding data from third parties. Scrambling can make data unreadable and useless to hackers unless they have the key or strong hacking software to break it.

New legislation is coming soon!

This security breach comes in light of the new General Data Protection Regulation being introduced as a crackdown on how companies prevent and handle data breaches. The way the sports retail company handled its data breach is exactly why the new regulation was needed. Dr Jamie Greaves, cybersecurity expert at ZoneFox, was unsympathetic, slamming the incident as “how not to deal with a cyber-attack.”

Sports Direct is most probably breaching its current legislative duties to notify affected individuals as soon as possible, so that they are able to start protecting themselves immediately. The new GDPR, scheduled to come into force in May of 2018, will require companies to declare breaches within 72 hours. The Regulation comes with very hefty fines for non-compliance, so hopefully companies will be incentivised to buckle up on security. Unless Sports Direct massively overhauls their current security systems, there is no way the company will be able to comply.

This is not the first time Sports Direct has come under fire with the authorities – a previous Parliamentary investigation found that they were paying their employees under the National Minimum Wage. A separate investigation also found that employees were treated with a distinct lack of dignity and respect, with Business, Innovation and Skills committee Chairman, Iain Wright, likening it to a “Victorian Workhouse”.

www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'