JD Sports says it's been the target of a cyber attack.
The retailer says there's been unauthorised access to customer data for some online orders placed between November 2018 and October 2020.
According to Reuters, the group said; "the affected data was "limited", as it does not hold full payment card data and did not believe account passwords were accessed.
They continued to say: "JD Sports said information that may have been accessed consisted of the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of about 10 million customers."
JD Sports Statement
Neil Greenhalgh, Chief Financial Officer of JD Sports, said:
"The information that may have been accessed consists of the name, billing address, delivery address, email address, phone number, order details and the final four digits of payment cards of approximately 10 million unique customers.
"We want to apologise to those customers who may have been affected by this incident.
"We are advising them to be vigilant about potential scam e-mails, calls and texts and providing details on how to report these.
"We are continuing with a full review of our cyber security in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD."