A Major Data Breach Impacts the Retail Giant DICK’S Sporting Goods in a Cyberattack
DICK’S Sporting Goods, the largest chain of sporting goods retail stores in the United States, has been hit by a cyberattack that has forced the company to take drastic measures to contain the security breach. The incident, discovered on August 21, 2024, resulted in the unauthorized access of confidential information from the company’s systems.
“On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information,” the retailer giant said in a filing with the U.S. Securities and Exchange Commission (SEC).
DICK’S Takes Immediate Action to Contain the Cyberattack
Immediately upon detecting the incident, DICK’S activated its cybersecurity response plan and engaged with external cybersecurity experts to investigate, isolate, and contain the threat. As a precaution, the company shut down its email systems and locked all employee accounts.
“Immediately upon detecting the incident, the Company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate, and contain the threat,” the company said in its SEC filing.
Employee Access Restricted, Phone Lines Down
Employees are currently unable to access their systems, with IT staff manually validating identities on camera before granting access. In an internal memo shared with BleepingComputer, DICK’S told employees that most of them no longer have access to their systems because of a “planned activity” and that their team leaders will contact them via personal email or text for further instructions.
The incident has also affected phone lines at local stores, with BleepingComputer receiving out of service messages when attempting to call over twenty stores throughout the US.
DICK’S Reports the Breach to Law Enforcement
DICK’S has reported the breach to relevant law enforcement authorities and, for the moment, the incident has had no impact on the company’s operations.
“The Company has also notified federal law enforcement. The Company has no knowledge that this incident has disrupted business operations,” DICK’S added.
Investigation Ongoing, Impact Still Being Assessed
The company’s investigation of the incident remains ongoing, and the full extent of the cyberattack’s impact is still being assessed.
“The Company’s investigation of the incident remains ongoing. Based on the Company’s current knowledge of the facts and circumstances related to this incident, the Company believes that this incident is not material,” DICK’S said in its SEC filing.
A DICK’S spokesperson was not immediately available for comment when contacted by BleepingComputer. However, the company has emphasized its commitment to transparency throughout this process, assuring customers and employees that it is taking all necessary steps to address the situation.
“The Company is committed to transparency and will continue to provide updates as appropriate,” DICK’S said in its SEC filing.
The Impact of Cyberattacks on Businesses
The DICK’S Sporting Goods cyberattack is a stark reminder of the growing threat of cyberattacks to businesses of all sizes. These incidents can have a significant impact on operations, finances, and reputation.
It is crucial for businesses to invest in robust cybersecurity measures, including strong passwords, multi-factor authentication, regular security updates, and comprehensive data backup and recovery plans. It’s also essential to have a plan in place for responding to a data breach, including notifying affected customers and taking steps to mitigate the damage.
The DICK’S Sporting Goods cyberattack is a reminder that no company is immune to these threats. By taking proactive steps to strengthen their cybersecurity posture, businesses can reduce their risk of falling victim to these attacks.