Dick's Sporting Goods discloses cyberattack
Authorities probing unwanted intrusion; hard questions ahead
Dick's Sporting Goods, America's largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week.
In an SEC 8-K filing, the retailer told the regulator that on August 21, it found an unnamed third party was snooping around its servers, "including portions of its systems containing certain confidential information." However, the filing doesn't state exactly what information was targeted by the attackers.
"The company has no knowledge that this incident has disrupted business operations," it stated.
"The company's investigation of the incident remains ongoing. Based on the company's current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not material. Should any of the relevant facts and circumstances substantively change, the company will reassess materiality considerations."
- Halliburton probes 'an issue' disrupting business ops
- Orion SA says scammers conned company out of $60 million
- Sonic Automotive says ransomware-linked CDK software outage cost it $30M
- What is RansomHub? Looks like a Knight ransomware reboot
The lack of effect on operations suggests that ransomware wasn't deployed on the corporate servers, since no pause in operations was reported. Then again, many ransomware operators don't even bother to lock down servers these days. They simply steal information and threaten to expose it unless the victims pay up.
The retailer, which has more than 850 stores across the US, isn't saying exactly what kind of information has been stolen. The Register has asked Dick's and we'll update this story as soon as more information comes in. But affected customers should be receiving an alert on how they have been affected. Let us know if you receive such an alert.
Dick's reports that it has called in law enforcement to investigate the intrusion and has signed up an external security firm to assess the extent of the issue and fix any outstanding security problems.
The retail chain is due to release its second-quarter earnings report on September 4 and more details may be available then. ®