cyber Breach

Sports Direct

Nov 19, 2023 1 min read
Sports Direct

The Register has verified that Sports Direct, the biggest sports retail company in the UK, was compromised in the previous year, but the company has yet to notify its employees about the incident.

A hacker gained access to the company's internal systems and stole the personal data of its employees, including names, phone numbers, and email and postal addresses.

The unpatched version of the DNN platform, which Sports Direct uses to host the staff site, was vulnerable to known vulnerabilities that the attackers took advantage of.

As per El Reg, Sports Direct has not yet notified the employees about the data breach. Following its discovery of the hack, the company notified the Information Commissioner's Office of the issue.

Source: https://securityaffairs.com/56187/data-breach/sports-direct-data-breach.html

TPRM report: https://scoringcyber.rankiteo.com/company/sports-direct-international

"id": "spo1325191123",
"linkid": "sports-direct-international",
"type": "Breach",
"date": "02/2017",
"severity": "100",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Retail',
                        'location': 'UK',
                        'name': 'Sports Direct',
                        'type': 'Organization'}],
 'attack_vector': 'Unpatched DNN platform vulnerabilities',
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'type_of_data_compromised': ['names',
                                              'phone numbers',
                                              'email addresses',
                                              'postal addresses']},
 'description': "A hacker gained access to the company's internal systems and "
                'stole the personal data of its employees, including names, '
                'phone numbers, and email and postal addresses.',
 'impact': {'data_compromised': ['names',
                                 'phone numbers',
                                 'email addresses',
                                 'postal addresses'],
            'systems_affected': 'Staff site hosted on DNN platform'},
 'post_incident_analysis': {'root_causes': 'Unpatched DNN platform'},
 'references': [{'source': 'The Register'}],
 'regulatory_compliance': {'regulatory_notifications': 'Information '
                                                       "Commissioner's Office"},
 'title': 'Sports Direct Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Known vulnerabilities in DNN platform'}
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.