• Several stores that fall under the JD Group banner have been affected by a data breach.
• Attackers made off with no financial information, but did make off with a database containing ID numbers, names, and contact numbers.
• JD Group has told customers to excercise caution and vigilance as cybercriminals may attempt to leverage the data for further attacks.

Tucked away on the websites of a few JD Group entity’s websites you may spot a notice labelled “Data Security Incident”. It’s so small you would be forgiven for missing it but if you use the likes of Bradlows, Everyshop, HiFi Corp, Incredible, Rochester, Russells, and Sleepmasters, you may want to read the notice.

The notice is regarding a security incident which has exposed the data of more than half a million customers per a report from MyBroadband. The data breach was highlighted by a user on a hacking forum who claimed they had access to the record of 500 000 JD Group customers and 67 000 Everyshop customers.

While JD Group says that no banking or financial information was gleaned from the breach, ID numbers, names, and contact details were compromised.

“We have taken immediate action to investigate and mitigate the impact of this breach. The entire extent of the incident has already been assessed, and our dedicated team has been working on identifying affected data subjects and providing prompt communication. We will also cooperate with regulatory authorities and implement enhanced security measures to mitigate such incidents in the future,” reads the statement from JD Group chief executive officer, Peter Griffiths.

The danger with the likes of ID numbers, names, and contact details being taken by a ne’er-do-well is that it makes it much easier to launch convincing phishing attacks which can then be used to compromise other platforms or services.

JD Group has advised customers take the following precautions:

1. Monitor your transactional activity and report any suspicious activity.
2. Change your passwords often and ensure there is complexity in the configuration (e.g. with the use of special characters).
3. Be vigilant for phishing attempts: Be cautious of unsolicited emails, messages, or phone calls asking for personal information or financial details. Legitimate organisations will not request this information via unsecure channels.
4. Stay updated: Follow official announcements from JD Group and regulatory authorities for further instructions and guidance.
5. Do not click on any suspicious links.
6. Only provide personal information when there is a legitimate reason to do so.

“We sincerely apologise for any inconvenience and concern this incident may have caused. If you have any questions or require assistance, please do not hesitate to contact our information officer at io@pepkor.co.za. Your privacy matters to us, and we will continue to keep you informed as we progress in resolving this matter. Together, we can overcome this challenge and strengthen data protection measures across the nation,” concluded Griffiths

We recommend that you exercise caution if you used any of JD Group’s brands of late. We also hope to see updates from the firm following the conclusion of its investigation into the matter.

Perhaps keep an eye on the aforementioned websites for updates.