News: 1724862007

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Dick's Sporting Goods discloses cyberattack

(2024/08/28)


Dick's Sporting Goods, America's largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week.

In an [1]SEC 8-K filing , the retailer told the regulator that on August 21, it found an unnamed third party was snooping around its servers, "including portions of its systems containing certain confidential information." However, the filing doesn't state exactly what information was targeted by the attackers.

"The company has no knowledge that this incident has disrupted business operations," it stated.

[2]

"The company's investigation of the incident remains ongoing. Based on the company's current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not material. Should any of the relevant facts and circumstances substantively change, the company will reassess materiality considerations."

[3]Halliburton probes 'an issue' disrupting business ops

[4]Orion SA says scammers conned company out of $60 million

[5]Sonic Automotive says ransomware-linked CDK software outage cost it $30M

[6]What is RansomHub? Looks like a Knight ransomware reboot

The lack of effect on operations suggests that ransomware wasn't deployed on the corporate servers, since no pause in operations was reported. Then again, many ransomware operators don't even bother to lock down servers these days. They simply steal information and threaten to expose it unless the victims pay up.

The retailer, which has more than 850 stores across the US, isn't saying exactly what kind of information has been stolen. The Register has asked Dick's and we'll update this story as soon as more information comes in. But affected customers should be receiving an alert on how they have been affected. Let us know if you receive such an alert.

[7]

Dick's reports that it has called in law enforcement to investigate the intrusion and has signed up an external security firm to assess the extent of the issue and fix any outstanding security problems.

The retail chain is due to release its second-quarter earnings report on September 4 and more details may be available then. ®

Get our [8]Tech Resources



[1] https://www.sec.gov/ix?doc=/Archives/edgar/data/1089063/000108906324000104/dks-20240821.htm

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zs@eB1kz04-aS1Sgk6zwIgAAAIk&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://www.theregister.com/2024/08/22/halliburton_investigates_incident_amid_cyberattack/

[4] https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/

[5] https://www.theregister.com/2024/08/06/sonic_automotive_says_cdk_disruption/

[6] https://www.theregister.com/2024/06/05/ransomhub_knight_reboot/

[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zs@eB1kz04-aS1Sgk6zwIgAAAIk&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[8] https://whitepapers.theregister.com/



isn't saying exactly what kind of information has been stolen

Howard Sway

Reports elsewhere are saying that only members are affected.

Re: isn't saying exactly what kind of information has been stolen

Anonymous Coward

Members' exposure calls for the stiffest penance IMHO (and thank god for such penetrating journalism)!

Re: isn't saying exactly what kind of information has been stolen

David 132

Not too far from me here in the wilds of the Pacific Northwest, there is a Dick's Sporting Goods store, right next to a "BJ's Bar & Grill".

Someone in the city planning department got sloppy.

MiguelC

Were their cybersecurity people dicking around while it happened?

What cybersecurity people ?

t245t

> Were their cybersecurity people dicking around while it happened?

Jadith

Looks like they were really caught with their pants down!

New marketing line...

spold

Waiting for the managed SIEM companies to start marketing spiel with "Don't be a Dick...."

Was it malicious?

David 132

...or just a cock up?

BasicReality

Couldn't happen to a better bunch of dicks.

Plate voltage too low on demodulator tube