UK’s largest sports retail outlet Sports Direct has suffered a data breach in September 2016, when an attacker gained access to its staff portal, and through it to unencrypted personal information of the company’s 30,000 employees.
But the employees were never notified of this breach. Apparently, there was no evidence that the hacker had exfiltrated the data, leaked it or shared it further, and the company opted for just notifying the Information Commissioner’s Office (ICO), UK’s national data protection authority.