HackRead

Retail Giant Sports Direct Suffered Data Breach Affecting 30,000 Employees

February 8th, 2017 | By Waqas | Hacking News, Security

Sports Direct, a British retailing group, suffered a massive security breach back in 2016 in which a hacker stole personal details of 30,000 of its employees. Another negative aspect of this incident is that the company did not inform its workers about the breach, reports The Register.

The breach took place in September last year, when a hacker exploited vulnerabilities in Sports Direct’s employee portal, which was running on a DNN (formerly DotNetNuke) content management system.

An anonymous source told The Register that the stolen data contains unencrypted employee data, including emails, phone numbers, names and postal addresses. The source also claimed that the hacker left a phone number in Sports Direct’s system for the owners to get in touch with them. However, it is still unclear whether the data is being sold or leaked on the Internet.

What’s worse is that although the company found out about the breach in December, it didn’t bother to inform the affected employees; it did, however, inform the authorities.

Wieland Alge, GM and VP EMEA at Barracuda Networks, said that “the employee portal breach at Sports Direct highlights that not enough is being done to get the correct security procedures and systems in place. Although it does not seem like the attackers were able to get their hands on financial information, only gaining access to email addresses, full names and phone numbers can lead to serious problems, perhaps leaving employees open to targeted phishing attacks.”

Thomas Fischer, threat researcher and security advocate at Digital Guardian, also commented on the issue, saying that “Public and private organizations alike have a duty of care, not to mention legal obligation, to protect data. By failing to update its systems and appearing to disregard security best practices, Sports Direct has let its employees down. If GDPR was already in enforcement, the repercussions for Sports Direct could have been far greater as it appears that the company was in violation of two requirements of the regulation.

First, under the GDPR, companies are required to use appropriate measures to protect all personal data, so the employee information should have been encrypted. Second, companies are obliged to report suspected incidents to the authorities within 72 hours. The incident also reminds us of the dangers of not notifying the affected parties. Sports Direct has failed to inform employees of the breach, putting those affected at further risk. With personal details in their hands, hackers may have targeted employees through phishing and social engineering attacks – and the employees would have had no reason to believe anything was suspicious.”

This is not the first time that Sports Direct has been in the news regarding its employees. An undercover investigation by The Guardian revealed that the owner of the company, Mike Ashley, the 22nd richest man, not only pays workers below the minimum wage but is also involved in the mistreatment of employees.


At the time of publishing this article, Sports Direct had declined to comment on the report. Stay tuned.



Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. I am also into gaming, reading and investigative journalism.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
