Personal information such as email addresses, home addresses, phone numbers, and the last four digits of bank cards could have been exposed.
The incident affected 10 million customers who placed orders between November 2018 and October 2020.
The cyber attack also affects customers who shop at Size, Millets, Blacks, Scotts, and Millet Sport.
JD Sports claims that account passwords were not exposed and that customers’ full bank card information was not stored.
It warns customers to be on the lookout for fraudulent phone calls, texts, and emails.
“Following this incident, we are continuing with a full review of our cyber security in partnership with external specialists,” said Neil Greenhalgh, JD’s chief financial officer.
“Protecting our customers’ data is a top priority for JD.”
More news from United Kingdom