The Register has verified that Sports Direct, the biggest sports retail company in the UK, was compromised in the previous year, but the company has yet to notify its employees about the incident.
A hacker gained access to the company's internal systems and stole the personal data of its employees, including names, phone numbers, and email and postal addresses.
The unpatched version of the DNN platform, which Sports Direct uses to host the staff site, was vulnerable to known vulnerabilities that the attackers took advantage of.
As per El Reg, Sports Direct has not yet notified the employees about the data breach. Following its discovery of the hack, the company notified the Information Commissioner's Office of the issue.
Source: https://securityaffairs.com/56187/data-breach/sports-direct-data-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/sports-direct-international
"id": "spo1325191123",
"linkid": "sports-direct-international",
"type": "Breach",
"date": "02/2017",
"severity": "100",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Retail',
'location': 'UK',
'name': 'Sports Direct',
'type': 'Organization'}],
'attack_vector': 'Unpatched DNN platform vulnerabilities',
'data_breach': {'personally_identifiable_information': 'Yes',
'type_of_data_compromised': ['names',
'phone numbers',
'email addresses',
'postal addresses']},
'description': "A hacker gained access to the company's internal systems and "
'stole the personal data of its employees, including names, '
'phone numbers, and email and postal addresses.',
'impact': {'data_compromised': ['names',
'phone numbers',
'email addresses',
'postal addresses'],
'systems_affected': 'Staff site hosted on DNN platform'},
'post_incident_analysis': {'root_causes': 'Unpatched DNN platform'},
'references': [{'source': 'The Register'}],
'regulatory_compliance': {'regulatory_notifications': 'Information '
"Commissioner's Office"},
'title': 'Sports Direct Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Known vulnerabilities in DNN platform'}