The affected data was limited, the group said, and it did not hold full payment card details and did not believe that account passwords were accessed by the hackers.
Neil Greenhalgh, chief financial officer of JD Sports, said they wanted to apologise to those who have been affected by the incident. JD believes that protecting the data of our customers is an absolute priority. The attack related to online orders placed for the JD, Size? Millets, Blacks, Scotts and MilletSport brands and it is understood that it was detected by the company in recent days, but only the historical data was accessed.
The company said it was working with leading cyber-security experts and was engaging with the Information Commissioner's Office ICO in response to the incident.
Lauren Wills-Dixon, a lawyer at Gordons, said retailers were the most common targets for cyber attacks because of the large amounts of customer data they hold, and that firms needed to do more to plan for them.
She said that the increased use of technology by the industry to reduce overheads and streamline operations has raised the risk, but it is good to see JD Sports saying they are working with experts to help in a containment and recovery perspective, but once the dust has settled their comments of ''we take the protection of customer data extremely seriously' will be put to the test by the ICO.