An information breach at retailer Sports activities Direct final yr was reported to the Info Commissioner’s Workplace however to not employees whose information might have been compromised, in accordance with stories.
The ICO confirmed to the BBC that it was “conscious of an incident” and was making enquiries.
In line with expertise web site The Register, the breach in September noticed workers’ unencrypted information stolen.
A spokesman for Sports activities Direct wouldn’t be drawn on the small print of the breach.
“We can not touch upon operational issues in relation to cybersecurity for apparent causes,” he instructed the BBC.
“It’s our coverage to repeatedly improve and enhance our methods, and the place applicable we preserve the related authorities knowledgeable,” he added.
The Register was instructed by “an inside supply” hacker had attacked a system that Sports activities Direct used to run a employees portal.
New laws coming from the EU would require corporations to declare an information breach inside 72 hours.
According to the ICO’s current guidelines, it is vital corporations notify “people who might have been affected” to permit them “to take steps steps to guard themselves”.
Unite common secretary Steve Turner instructed the BBC: “Sports activities Direct employees will likely be anxious to know what private particulars have been hacked on this apparently critical information breach and why they weren’t instantly knowledgeable about it by their employer.
“That is doubtlessly delicate and private data comparable to nationwide insurance coverage numbers and financial institution particulars that we’re speaking about.
“It is fully unacceptable that the employees affected seem to not have been knowledgeable and the information breach swept below the carpet.”
The union has contacted Sports activities Direct to make clear what occurred within the breach, however urged employees to test their monetary data, change passwords and report any suspicious exercise.
Dr Jamie Greaves, chief government at cybersecurity firm ZoneFox instructed the BBC: “The way in which Sports activities Direct has dealt with their information breach final yr is an ideal instance of how to not cope with a cyber-attack.
“Retaining their 30,000-strong workforce at nighttime for over a yr is solely unacceptable.”
It isn’t the primary time Sports activities Direct has been criticised for the way it treats its employees.
The chairman of the federal government’s Enterprise, Innovation and Expertise committee Iain Wright instructed that Sports activities Direct’s working practices have been “nearer to that of a Victorian workhouse than that of a contemporary, respected excessive road retailer”.
The corporate has additionally been investigated over employees being paid under the minimal wage.