The Register has verified that Sports Direct, the biggest sports retail company in the UK, was compromised in the previous year, but the company has yet to notify its employees about the incident.
A hacker gained access to the company's internal systems and stole the personal data of its employees, including names, phone numbers, and email and postal addresses.
The unpatched version of the DNN platform, which Sports Direct uses to host the staff site, was vulnerable to known vulnerabilities that the attackers took advantage of.
As per El Reg, Sports Direct has not yet notified the employees about the data breach. Following its discovery of the hack, the company notified the Information Commissioner's Office of the issue.
Source: https://securityaffairs.com/56187/data-breach/sports-direct-data-breach.html
"id": "SPO1325191123",
"linkid": "sports-direct-international",
"type": "Breach",
"date": "02/2017",
"severity": "100",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"