Lauren Wills-Dixon Appears on BBC Breakfast Discussing JD Sports Cyber Incident
Wednesday 1st February 2023
Lauren Wills-Dixon, solicitor at Gordons and expert in cyber security and data privacy, has appeared on BBC Breakfast discussing the cyber attack at sportswear chain, JD Sports.
The news came following another high-profile disruptive cyber incident when Royal Mail was unable to send letters and parcels overseas. Lauren’s comments on that incident featured in The Guardian.
Speaking to BBC Breakfast, Lauren discussed the legal obligations organisations have if personal data has been compromised. Lauren also explained what customers can do if they have lost money because of a cyber attack and what they can do to minimise the risk of becoming victims in the first place.
The leading high-street retailer reported that stored data relating to online orders between November 2018 and October 2020 affecting 10 million customers might be at risk. Alongside JD Sports, other entities in the group, including Size?, Millets, Blacks, Scotts and MilletSports were impacted.
As well as appearing on BBC Breakfast, Lauren has also been quoted on the BBC News website on its coverage of the JD Sports cyber incident.
Lauren commented: “Retailers are among the most common targets for cybercriminals because their high volume of transactions – and therefore the volume of customer data they hold – makes them an attractive target. The increased use of technology by the industry to reduce overheads and streamline operations has raised the risk even further.”
JD Sports said that it was contacting customers, and they added that the affected data was “limited” as it does not hold full payment card details and they did not believe it included account passwords.
The company said that it was working with leading cyber security experts and is engaging with the Information Commissioner’s Office (ICO) in response to the incident.
“JD Group have been quick to communicate to the historic customers affected and alleviate any concerns about bank details being accessed. The test for reportability of a data breach to the ICO and also any affected individuals is whether there is a real risk to people’s rights and freedoms (which catches most cyber-attacks).
“However, organisations, especially retailers who often bear the brunt of public criticism because of consumer-facing visibility, may also choose to contact customers to control the narrative from a PR perspective,” Lauren added.
Lauren concluded: “In this new world, it’s not ‘if’ but ‘when’ a cyber attack will happen. Organisations need to plan accordingly by shifting focus from pure prevention to ongoing detection and response planning. This will ensure they can become more resilient and bounce back from attacks quickly.”