Sportswear chain JD Sports has said stored data relating to 10 million customers might be at risk after it was hit by a cyber attack.
The company said information that "may have been accessed" by hackers included names, addresses, email accounts, phone numbers, order details and the final four digits of bank cards.
The data related to online orders between November 2018 and October 2020.
JD Sports said it was contacting affected customers.
The group said the affected data was "limited". It added it did not hold full payment card details and did not believe that account passwords were accessed by the hackers.
"We want to apologise to those customers who may have been affected by this incident," said Neil Greenhalgh, chief financial officer of JD Sports. "Protecting the data of our customers is an absolute priority for JD."
The attack related to online orders placed for the JD, Size?, Millets, Blacks, Scotts and MilletSport brands and it is understood it was carried out in recent days, but only the historical data was accessed.
The company said it was working with "leading cyber security experts" and was engaging with the UK's Information Commissioner's Office in response to the incident.
Mr Greenhalgh said affected customers were being advised "to be vigilant about potential scam e-mails, calls and texts".
www.bbc.com
