Dick’s Sporting Goods appears to have been caught off guard after a cyberattack stole sensitive company data.
The sporting goods store has filed a complaint 8-K Form with the U.S. Securities and Exchange Commission (SEC) to notify the regulator of a cybersecurity incident.
“On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information,” Dick said in the filing.
No disturbances
The company said it immediately activated its cybersecurity response plan after discovering the incident, and said it had engaged external cybersecurity experts to “investigate, isolate and contain” the threat. Federal law enforcement has also been notified.
While Dick’s admitted that some confidential information had been accessed, it did not say exactly what it was or who it belonged to. Online chatter points to company members’ details, but there is no confirmation yet.
At the same time, an anonymous source said BleepingComputer The company shut down its email systems and blocked all employee accounts. IT began manually validating employees’ identities via cameras before allowing them access to emails again. The company reportedly told employees that access had been blocked due to “planned activity” and that they would be notified by their team leaders with further instructions. Phone lines also appear to have been disconnected.
Ny Breaking has contacted Dick and will provide an update when we have more information.
Elsewhere in the filing, the company also said that it has “no knowledge that this incident disrupted its business operations.” In other words, it continued to operate as normal during the breach, suggesting that this was likely not a ransomware attack. It’s also worth noting that many ransomware operators don’t even bother implementing the encryptor, as they can extort the same amount of money just by threatening to leak stolen data. It’s cheaper, but just as effective.
“The Company’s investigation into the incident is ongoing,” the filing concludes. “Based on the Company’s current knowledge of the facts and circumstances surrounding this incident, the Company believes this incident is not material.”
Via The register