U.K.-based sports retailer JD Sports has called on law firm Fieldfisher after it was hit by a cyber attack that could affect around 10 million customers.
The attack, which was revealed by the company on Monday, has resulted in the unauthorised access to a system that contained customer data connected to online orders placed between November 2018 and October 2020, the retailer said in a statement published to the London Stock Exchange.
The compromised data includes customer names, billing and delivery addresses, email addresses, phone numbers, and the final four digits of payment cards. The company added that the affected data was “limited”.
U.K. law firm Fieldfisher is advising the company through the matter, a person with knowledge of the attack said. The firm has boosted its European tech and cyber credentials in recent years, making tech partner Rob Shooter its managing partner in 2021, and, capitalising on the surge in cyber threats, launching a dedicated mass litigation unit in Berlin for legal tech and operations.
Law firms across the U.K. have been scaling up their cyber teams amid a spike in high profile attacks on companies such as hotel chain Marriott in 2019, which brought in Freshfields Bruckhaus Deringer to advise. In particular, companies across the west have been bracing against potential Russia-backed attacks since Putin’s full scale invasion of Ukraine in 2022.
Given their rich pools of client data, law firms themselves have become common targets. Notably in 2017, DLA Piper was hit by a major cyber attack, which knocked out phones and computers across the firm. More recent targets include Goodwin Procter and CMS, while in November, Cadwalader Wickersham & Taft reported an email network outage that prompted it to wipe the hard drives of firm-issued computers and take many of its internal systems offline.
In 2022, U.K. listed firm Ince attributed a dip in its revenue to a cyber attack.
JD Sports CEO Neil Greenhalgh said in a statement: “We want to apologise to those customers who may have been affected by this incident. We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these. We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.”
Fieldfisher was contacted for comment.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
