DICK’s Sporting Goods says confidential data exposed in cyberattack
DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that confidential information was exposed in a cyberattack detected last Wednesday.
Founded in 1948, DICK'S operates 857 stores across the United States and has reported $12.98 billion in revenue in 2023. As of February 2024, the Fortune 500 company employs over 55,500 people (18,900 full-time and 36,600 part-time).
According to a filing with the U.S. Securities and Exchange Commission (SEC), the company has hired outside cybersecurity experts to help contain the security breach and assess the cyberattack's impact.
"On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information," the retailer giant said.
"Immediately upon detecting the incident, the Company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate, and contain the threat."
If you have any information regarding this incident or any other undisclosed attacks, you can contact us confidentially via Signal at 646-961-3731 or at [email protected].
According to a source who requested anonymity to speak freely, the company has provided few details about the breach and is telling employees not to discuss it publicly or put anything in writing.
The same source told BleepingComputer that email systems had been shut down, likely to isolate the attack, and all employees had been locked out of their accounts. IT staff is now manually validating employees' identities on camera before they can regain access to internal systems.
In an internal memo shared with BleepingComputer, Dick's told employees that most of them no longer have access to their systems because of a "planned activity" and that their team leaders will contact them via personal email or text for further instructions.
In today's SEC filing, the Fortune 500 retailer says it has also reported the breach to relevant law enforcement authorities and that, for the moment, the incident had no impact on the company's operations.
"The Company has also notified federal law enforcement. The Company has no knowledge that this incident has disrupted business operations," DICK'S added.
"The Company's investigation of the incident remains ongoing. Based on the Company's current knowledge of the facts and circumstances related to this incident, the Company believes that this incident is not material."
A DICK'S spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
source: BleepingComputer
Free security scan for your website
Top News:
Google Chrome uses AI to analyze pages in new scam detection feature
December 21, 2024CISA orders federal agencies to secure Microsoft 365 tenants
December 18, 2024Recorded Future CEO applauds "undesirable" designation by Russia
December 19, 2024Five lesser known Task Manager features in Windows 11
December 25, 2024DDoS Attacks Surge as Africa Expands Its Digital Footprint
December 26, 2024