Dick’s Sporting Goods hit by cyberattack
Dick’s Sporting Goods says it has contained a recent intrusion into its IT systems.
In an Aug. 28 filing with the SEC, Dick’s said that on Aug. 21, 2024 it discovered unauthorized third-party access to its information systems, exposing unspecified “confidential information.”
Immediately upon detecting the incident, Dick’s said it activated its cybersecurity response plan, including having external cybersecurity experts “investigate, isolate and contain the threat,” and notified federal law enforcement. The investigation is ongoing.
Dick’s also said in the SEC filing that it has no knowledge of this incident disrupting business operations and does not believe it is material to results.
According to Bleeping Computer, a source from Dick’s said that the company is telling employees not to discuss or write about the breach and that all employees have been locked out of their corporate email accounts. The retailer is reportedly verifying employee identities via camera to return company email access to them.
Bleeping Computer also reported that it had seen an internal Dick’s company memo informing employees that most of them did not have access to their email systems due to a "planned activity."
Dick’s has not yet replied to a Bleeping Computer request for comment. Read more coverage here.
[READ MORE: Fraud rises in 2023 for businesses, consumers alike]
In commentary emailed to Chain Store Age, Thomas Richards, principal consultant, Synopsys Software Integrity Group, said this attack continues a "concerning trend."
"Data is valuable, wherever it is, and that attackers will not stop to capture it," Richards said in the email. "Until there is a full disclosure from Dick’s regarding what data was accessed, consumers should be mindful of any stored credit card data or loyalty points just to be on the safe side. With the reports stating that their corporate email was restricted, it’s a strong indication that internal communications and business operations were affected and hopefully not customer data."
