No matter how much cybersecurity is strengthened, it seems that there are no barriers to the types of businesses that see their systems exposed and suffer a breach in their stored data. Today we know the case of the sports store chain known as Sprinter, from which order data has been stolen, including some as delicate as the full name, ID and postal address of the users.
We tell you how you can protect yourself if you have recently purchased from this store. It appears that the credit cards have not been stolen, but there is other data that could be sold on the dark web and used to commit other scams.
Customer data exposed
Sprinter, a chain of sports stores founded in Elche, Alicante, is alerting its customers of a cybersecurity breach they have suffered. According to this information, the company assumes that customer data has been leaked and that they are currently carrying out “an exhaustive investigation with cybersecurity specialists to understand the facts, contain the incident and protect the systems.”
The cybercriminals responsible for this security breach have managed to access the order database and extract some compromised information from it, including customer account data.
The data that would be in the hands of third parties and can be sold includes username (customer name), real full name, shipping and/or billing address, email address, telephone number, DNI or NIF and the date of birth.
This hack has already been reported to the State Security Forces and Bodies, but the scope of the data exposed could cause a domino effect. The Sprinter store chain recommends customers be especially alert to possible identity theft attempts.
“As a precautionary measure, we recommend that you continue to be vigilant and alert for fraud attempts and any suspicious emails, calls or text messages. Also avoid clicking on links in suspicious emails or text messages. We also recommend that you periodically change your password on Sprintersports.com.
Sprinter calls for calm
Fearing that key data could have been exposed, such as those related to payment methods, the sports store chain wanted to reassure users who have recently made purchases.
This data is encrypted and is not stored on servers. Apparently, the passwords of the client accounts have not been compromised either, so it could have been possible to break into these client accounts and obtain some additional data. “Please note that we do not store your bank card number or your account password,” is the message that has been given to customers who have received these communications.
Of course, although payment information data is not stored in the merchant’s systems, it is recommended that the user pay attention to possible suspicious movements in current accounts and inform the bank as soon as possible.
If you want more information about what happened, you can contact the email address responsible for data protection: dataprotection@sprintersports.com.
