Sports Direct 'hid data breach from staff'

Image caption: Sports Direct has come under fire in recent months over its "Dickensian working practices"

By Jane Wakefield, Technology reporter

A data breach at retailer Sports Direct last year was reported to the Information Commissioner's Office but not to staff whose data may have been compromised, according to reports.

The ICO confirmed to the BBC that it was "aware of an incident" and was making enquiries.

According to technology website The Register, the breach in September saw employees' unencrypted data stolen.

A spokesman for Sports Direct would not be drawn on the details of the breach.

"We cannot comment on operational matters in relation to cybersecurity for obvious reasons," he told the BBC.

"It is our policy to continually upgrade and improve our systems, and where appropriate we keep the relevant authorities informed," he added.

The Register was told by "an inside source" that a hacker had attacked a system that Sports Direct used to run a staff portal.

New regulations coming from the EU will require companies to declare a data breach within 72 hours.

, it is important companies notify "individuals who may have been affected" to allow them "to take steps to protect themselves".

Unite assistant general secretary Steve Turner told the BBC: "Sports Direct workers will be anxious to know what personal details have been hacked in this apparently serious data breach and why they weren't immediately informed about it by their employer.

"This is potentially sensitive and personal information such as national insurance numbers and bank details that we're talking about.

"It's completely unacceptable that the workers affected appear not to have been informed and the data breach swept under the carpet."

The union has contacted Sports Direct to clarify what happened in the breach, but urged staff to check their financial records, change passwords and report any suspicious activity.

Dr Jamie Greaves, chief executive at cybersecurity company ZoneFox, told the BBC: "The way Sports Direct has handled their data breach last year is a perfect example of how not to deal with a cyber-attack.

"Keeping their 30,000-strong workforce in the dark for over a year is simply unacceptable."

It is not the first time Sports Direct has been criticised for how it treats its staff.

The chairman of the government's Business, Innovation and Skills committee Iain Wright suggested that Sports Direct's working practices were "closer to that of a Victorian workhouse than that of a modern, reputable high street retailer".

The company has also been investigated over staff being paid below the minimum wage.