Sports Direct data hack

A data breach at Sports Direct that resulted in the theft of employees’ personal details has been kept hidden from staff for months, it has been reported.

As of Monday, Sports Direct had not told its workforce that a hacker who broke into the company’s computer system last September stole employees names, addresses, phone numbers and emails.

According to The Register the breach occurred after a hacker accessed a Sports Direct staff portal and stole unencrypted data.

The hacker left a phone number on the company’s internal site along with a message for Sports Direct’s management to make contact, an anonymous source told The Register.

Despite being made aware of the theft in December, it was reported that at the beginning of this week the firm had still not informed its 30,000 employees.

Unite assistant general secretary, Steve Turner, said it was “completely unacceptable that the workers affected appear not to have been informed and the data breach swept under the carpet”.

“Sports Direct workers will be anxious to know what personal details have been hacked in this apparently serious data breach and why they weren’t immediately informed about it by their employer. This is potentially sensitive and personal information,” he said.

“We will be immediately approaching the company for answers and further details about the potentially damaging impact of this on our members, as well as details about actions taken to ensure personal data is never compromised again.”

He added, “In the meantime we would urge Sports Direct workers to check their financial records, change passwords and immediately report any suspicious activity.”

Sports Direct, which has been the subject of a Unite campaign against “Victorian” working conditions suffered by staff at its Shirebrook warehouse, filed a report with the Information Commissioner’s Office (ICO) after it discovered the breach.

However, because there was no evidence that the hacker made copies or shared the information the firm decided to keep staff in the dark.

The ICO said it is “making enquiries” into the hack.

It is the latest in a long line of scandals to hit the sports retailer, including not paying its staff the minimum wage and accusations of attempting to record the private discussions of MPs who were inspecting the Shirebrook site.

Last year, a Parliamentary inquiry found that firm’s “size and success is founded on a business model that enables the majority of workers in both the warehouse at Shirebrook and at the shops around the UK to be treated without dignity or respect.”

The company has seen its share price drop by more than half since February 2015.

A Sports Direct spokesperson said, “We cannot comment on operational matters in relation to cyber-security for obvious reasons. However, it is our policy to continually upgrade and improve our systems, and where appropriate we keep the relevant authorities informed.”