America’s largest sporting goods retailer, Dick’s Sporting Goods, has disclosed a cybersecurity incident involving unauthorised access to its information systems.
The company, which operates over 850 stores across the United States, made the revelation in a filing to the US Securities and Exchange Commission on 28 August.
According to the filing, Dick’s Sporting Goods discovered on 21 August that an unnamed third party had gained access to “portions of its systems containing certain confidential information”. The exact nature and extent of the compromised data have not been specified.
The retailer assured stakeholders that the incident has not disrupted business operations, suggesting that ransomware may not have been deployed. However, many modern cybercriminals focus on data theft and extortion rather than system lockdowns.
Dick’s Sporting Goods stated in the filing: “The company has no knowledge that this incident has disrupted business operations. The company’s investigation of the incident remains ongoing.”
The company has taken swift action in response to the breach. It has engaged external cybersecurity experts to investigate and contain the threat, as well as notifying federal law enforcement authorities. The retailer is also conducting an ongoing assessment of the incident’s impact.
“Based on the company’s current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not material,” the filing added. However, it noted that this assessment could change as more information comes to light.
Cybersecurity experts have highlighted the increasing sophistication of attacks targeting major corporations. David Drossman, chief information security officer at The Clearing House, emphasised the importance of a multilayered security strategy: “You need to build a labyrinth of control to offset damage even if one layer fails.”
The incident at Dick’s Sporting Goods follows a string of high-profile cyberattacks on major organisations in recent months. It underscores the growing need for robust cybersecurity measures in the retail sector, which often handles large volumes of sensitive customer data.
As the investigation continues, affected customers are expected to receive alerts detailing how they may have been impacted. The company is scheduled to release its second-quarter earnings report on 4 September, which may provide further details about the incident and its potential financial implications.