Sports Direct has failed to inform staff of a data breach in which personal data, including phone numbers and postal addresses of employees, was stolen.
According to tech publication The Register the retailer fell victim to a digital break-in where employees’ unencrypted data was stolen.
The sportswear giant reportedly detected the intrusion when it occurred in September, but it did not learn of the theft until December.
Although an incident report had been filed with the Information Commissioner’s Office (ICO) following the company’s discovery of the breach, staff were kept in the dark over the loss of their data.
There was reportedly no evidence that the hacker had made copies of the data, and the ICO stated it would be “making enquiries”.
“Sports Direct workers will be anxious to know what personal details have been hacked in this apparently serious data breach and why they weren’t immediately informed about it by their employer,” Unite assistant general secretary Steve Turner told The Register.
“This is potentially sensitive and personal information.
“It’s completely unacceptable that the workers affected appear not to have been informed and the data breach swept under the carpet.
“We will be immediately approaching the company for answers and further details about the potentially damaging impact of this on our members, as well as details about actions taken to ensure personal data is never compromised again.
“In the meantime we would urge Sports Direct workers to check their financial records, change passwords and immediately report any suspicious activity.”