Sports Direct falls victim to cyber attack compromising 30,000 employees - but fails to tell affected workers

Hackers broke into the company’s systems last September, gaining access to names, email addresses and phone numbers

Zlata Rodionova
Wednesday 08 February 2017 17:09 GMT
Comments
Sports Direct, which MPs last year likened to a “Victorian workhouse” for its appalling work practices, was made aware of the cyberattack three months after it occurred
Sports Direct, which MPs last year likened to a “Victorian workhouse” for its appalling work practices, was made aware of the cyberattack three months after it occurred

Scandal-hit retailer Sports Direct failed to tell its approximately 30,000 employees about a major data breach that took place last autumn and that saw staff’s personal information being accessed by hackers.

According to technology publication the Register, hackers broke into the company’s systems last September, gaining access to names, email addresses and phone numbers.

Sports Direct, which MPs last year likened to a “Victorian workhouse” for its appalling work practices, was made aware of the cyberattack three months after it occurred and filed an incident report with the Information Commissioner’s officer, the Register reports. But the company did not report the breach to staff.

“It’s completely unacceptable that the workers affected appear not to have been informed and the data breach swept under the carpet,” Steve Turner, assistant general secretary at trade union Unite, told the Register.

“We will be immediately approaching the company for answers and further details about the potentially damaging impact of this on our members, as well as details about actions taken to ensure personal data is never compromised again,” Mr Turner added.

Sports Direct, reeling from a year-long scandal over working practices, said in December that underlying profit before tax had slumped by 57 per cent to £71.6m from £166.4m in the six months to 23 October.

Keith Hellawell, the chairman of Sports Direct who survived a vote to remain in the post at the company's annual meeting.

He claimed that an 'extreme campaign against' the business had damaged the morale of staff and influenced customers.

A spokesman for Sports Direct told The Independent: "We cannot comment on operational matters in relation to cyber-security for obvious reasons. However, it is our policy to continually upgrade and improve our systems, and where appropriate we keep the relevant authorities informed."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in