SPORTS Direct failed to tell its workers about a major data breach that saw personal information accessed by hackers.

A cyber attacker gained access to internal systems containing details for phone numbers, names and home and email addresses of the retail giant's 30,000 staff members.

But according to The Register, workers still haven't been told about the breach, which took place in September.

Sports Direct discovered the attack three months later after a phone number was left on the company's internal site with a message encouraging bosses to make contact.

Chiefs filed a report with the Information Commissioner's office after it became aware that personal information had been compromised.

But as there was no evidence the data had been shared, Sports Direct didn't report the breach to staff.

A spokesman for the ICO confirmed it was “aware of an incident from 2016 involving Sports Direct” and said they would be “be making enquiries.”

Unite assistant general secretary Steve Turner slammed the company for keeping its staff in the dark, and urged workers to check their financial records.

He added: "Sports Direct workers will be anxious to know what personal details have been hacked in this apparently serious data breach and why they weren't immediately informed about it by their employer. This is potentially sensitive and personal information.

"It’s completely unacceptable that the workers affected appear not to have been informed and the data breach swept under the carpet.

"We will be immediately approaching the company for answers and further details about the potentially damaging impact of this on our members, as well as details about actions taken to ensure personal data is never compromised again."

related stories

The blunder is the latest in a string of controversies surrounding the sporting goods retailer.

A major probe was launched in 2015 after an undercover investigation by The Guardian found that the company was paying its staff below the minimum wage.

A damning report by the Business, Innovation and Skills committee later said founder Mike Ashley must be held accountable for company failings, adding that staff hadn't been treated as humans.

Union officials told MPs that in one case, an employee had given birth in a toilet at the company's warehouse base in Shirebrook, Derbyshire, because she feared losing her job if she called in sick.

Allegations also surfaced of some workers being promised permanent contracts in exchange for sexual favours.

Committee chairman Iain Wright said evidence heard by MPs last year suggested Sports Direct's working practices "are closer to that of a Victorian workhouse than that of a modern, reputable High Street retailer".

In November, six MPs from the Business and Skills Committee said attempts were made to record their private discussions when they visited Sport Direct to investigate working practices.

A spokesman for Sports Direct said: "We cannot comment on operational matters in relation to cyber-security for obvious reasons. However, it is our policy to continually upgrade and improve our systems, and where appropriate we keep the relevant authorities informed."

Source: Read Full Article