Sports store chain Sprinter Sports has been hit by a "cyber security incident. In the process, customer order and account information of customers may have been accessed or copied by the attackers. The company advises those affected to carefully check their bank accounts for "suspicious activity. Sprinter Sport writes this in an e-mail to customers, which has been viewed by the editors of VPNGids.nl.
Iberian Sports Retail Group (ISRG), the Spanish parent company of Sprinter Sports, said in the email that "thorough and systematic" investigations were conducted with external cybersecurity specialists to uncover the facts, contain the impact of the incident and improve the security of the IT systems. "The ongoing investigation has revealed that one of the affected systems contained some customer order and account information, which may have been accessed or viewed by an unauthorized third party," the sports retail chain owner said.
The cyber attack may have captured names, e-mail addresses, phone numbers, dates of birth, delivery and billing addresses, customer reference numbers and tax identification numbers. General director of ISRG Francesc Casabella stresses that full bank account numbers and passwords were not stolen. Nevertheless, she advises customers to be alert for suspicious emails, phone calls, text messages and other fraudulent attempts. "Avoid clicking on links in unexpected emails or messages," she writes.
Furthermore, the CEO advises customers to change their password for their Sprinter Sports online account. "While we do not keep complete payment card information, as a precaution we would also encourage you to monitor suspicious activity on your bank accounts and contact your bank immediately if you notice any suspicious activity."
"We take the protection of customer data extremely seriously and are monitoring the situation closely. We regret that this happened," the company wrote to customers.
Who is responsible for the cyberattack on the sports store chain, Casabella did not say. On X, the name MetaEncryptor is circulating. The hacker group, active since August 2022, claims to have stolen one terabyte of company data on their portal on the dark web. According to cybersecurity firm WatchGuard, the hacker group has taken a total of 14 victims.
MetaEncryptor breaks into corporate networks and then infects them with ransomware. All infected files are then placed in a digital vault, so to speak. The only way to regain access to this data is with a decryption or decryption key. Victims receive these if they pay a ransom. To ensure that business operations are not compromised or the organization's reputation is damaged, victims often pay the requested ransom.
Sprinter Sports is originally a Spanish company that falls under the Iberian Sports Retail Group (ISRG). The sports conglomerate has owned all the Dutch stores of Aktiesport and Perry Sport since 2021. This year, these stores were merged under the name Sprinter. Worldwide, ISRG has more than four hundred sports stores.
