
This article is more than 1 year old

Sports Direct hacked last year, and still hasn't told its staff of data breach

And MPs said workers were being treated without dignity or respect…

Exclusive: Sports Direct has left its 30,000-strong workforce in the dark over a data breach in the autumn when a hacker accessed internal systems containing staffers' personal information.

The Register can reveal the UK's largest sports retail business was the subject of a digital break-in during September, when an attacker exploited public vulnerabilities affecting the unpatched version of the DNN platform that Sports Direct was using to run a staff portal.

An inside source with knowledge of the incident told The Register that employees' unencrypted data was stolen during the breach. Sports Direct's internal systems detected the intrusion in September, but it was not until December that the company learned of the data breach. Our insider claimed a phone number had been left on the company's internal site with a message encouraging Sports Direct's bosses to make contact.

Sources told us that as of Monday, staff had still not been notified of the breach, which included names, email and postal addresses, as well as phone numbers.

Sports Direct filed an incident report with the Information Commissioner's Office after it became aware that its workforce's information had been compromised, but as there was no evidence that the hacker had made further copies or shared the data, the company did not report the breach to its staff.

A spokesperson for the ICO confirmed to The Register that it was “aware of an incident from 2016 involving Sports Direct” and would “be making enquiries.”

Last year, a Parliamentary inquiry into working practices at Sports Direct [PDF] described the business as “the country’s largest sports retail outlet,” and stated that its “size and success is founded on a business model that enables the majority of workers in both the warehouse at Shirebrook and at the shops around the UK to be treated without dignity or respect.”

Regarding the breach, Unite assistant general secretary Steve Turner told us: “Sports Direct workers will be anxious to know what personal details have been hacked in this apparently serious data breach and why they weren't immediately informed about it by their employer. This is potentially sensitive and personal information.”

“It’s completely unacceptable that the workers affected appear not to have been informed and the data breach swept under the carpet,” added Turner.

“We will be immediately approaching the company for answers and further details about the potentially damaging impact of this on our members, as well as details about actions taken to ensure personal data is never compromised again,” the union's assistant general secretary said. “In the meantime we would urge Sports Direct workers to check their financial records, change passwords and immediately report any suspicious activity.”

Unite's criticism of Sports Direct's lack of regard for employees is the latest in a string of complaints which have seen the company's share price more than halve since February 2015, following a number of scandals regarding its alleged mistreatment of employees.

An undercover investigation by The Guardian discovered that the company had been effectively paying workers below the minimum wage. The company subsequently admitted breaking the law and thousands of warehouse workers received back pay totalling £1m.

In November, six MPs from Parliament's Business and Skills Committee claimed that “an attempt was made to record their private discussions” when they visited the Shirebrook warehouse to investigate working practices.

A spokesman for Sports Direct said: "We cannot comment on operational matters in relation to cyber-security for obvious reasons. However, it is our policy to continually upgrade and improve our systems, and where appropriate we keep the relevant authorities informed." ®
