Dick's Sporting Goods appears to have been caught off guard after suffering a cyberattack that resulted in the theft of sensitive company data.
The sporting goods retailer filed an 8-K form with the U.S. Securities and Exchange Commission (SEC), notifying the regulator of a cybersecurity incident.
“On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems that contained certain confidential information,” Dick’s said in the filing.
Without interruptions
The company said it immediately activated its cybersecurity response plan after discovering the incident and had worked with external cybersecurity experts to “investigate, isolate and contain” the threat. Federal law enforcement has also been notified.
Although Dick's admitted to having accessed some confidential information, it did not say exactly what it was or who it belonged to. Internet rumors suggest that the data belongs to company insiders, but there is no confirmation yet.
At the same time, an anonymous source said Computer beeping The company shut down its email systems and blocked all employees from accessing their accounts. The IT department began manually validating employees' identities using cameras, before granting them access to emails again. The company reportedly told its employees that access was blocked due to a “planned activity” and that their team leaders would notify them of further instructions. Telephone lines were also reportedly shut down.
TechRadar Pro has contacted Dick's and will update if we hear back.
Elsewhere in the filing, the company also stated that it is “not aware of this incident disrupting business operations.” In other words, it continued to work as usual while the data leak was taking place, suggesting that this was likely not a ransomware attack. It’s also worth mentioning that many ransomware operators don’t even bother to deploy the encryptor, as it can extort the same amount of money just by threatening to leak the stolen data. It’s cheaper, but just as effective.
“The Company’s investigation into the incident remains ongoing,” the document concludes. “Based on the Company’s current knowledge of the facts and circumstances surrounding this incident, the Company believes that this incident is not material.”
Through The Registry