Dick's Sporting Goods discloses cyberattack

Dick's Sporting Goods, America's largest retail chain for outdoorsy types, has admitted that it suffered a cyberattack last week.

In an SEC 8-K filing, the retailer told the regulator that on August 21, it found an unnamed third party was snooping around its servers, "including portions of its systems containing certain confidential information." However, the filing doesn't state exactly what information was targeted by the attackers.

"The company has no knowledge that this incident has disrupted business operations," it stated.

"The company's investigation of the incident remains ongoing. Based on the company's current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not material. Should any of the relevant facts and circumstances substantively change, the company will reassess materiality considerations."

The lack of effect on operations suggests that ransomware wasn't deployed on the corporate servers, since no pause in operations was reported. Then again, many ransomware operators don't even bother to lock down servers these days. They simply steal information and threaten to expose it unless the victims pay up.

The retailer, which has more than 850 stores across the US, isn't saying exactly what kind of information has been stolen. The Register has asked Dick's and we'll update this story as soon as more information comes in. But affected customers should be receiving an alert on how they have been affected. Let us know if you receive such an alert.

Dick's reports that it has called in law enforcement to investigate the intrusion and has signed up an external security firm to assess the extent of the issue and fix any outstanding security problems.

The retail chain is due to release its second-quarter earnings report on September 4 and more details may be available then. ®