No items found.

Sports Warehouse To Pay $300,000 For Data Breach


Readers can take this news however they want for the impact on their own operations or the business of team sports in general, but recently online competitor Sports Warehouse, which runs direct sellers such as Tennis Warehouse, Running Warehouse, Skate Warehouse and Tackle Warehouse, was reportedly ordered to pay a penalty of $300,000 to the State of New York as a result of poor data security and a data breach in 2021. That breach reportedly compromised credit card information and e-mail addresses for more than 136,000 New Yorkers.

According to a statement from New York’s Office of the Attorney General, in addition to the fine Sports Warehouse was also ordered to  strengthen its cybersecurity measures after being found liable for failing to protect the personal data of 2.5 million consumers.

OAG’s said that in 2021 an attacker gained access to Sports Warehouse’s subsidiary servers by attempting to identify login credentials through repeated trial and error. After gaining access to the companies’ servers, the attacker created several web shells to gain remote access to the Sports Warehouse companies’ commerce server, which contained payment card information for nearly every purchase made through their websites since 2002.

The investigation by the Sports Warehouse companies found that the attacker had also accessed certain customers’ e-mail addresses and passwords.

OAG maintains that Sports Warehouse failed to adopt reasonable practices to protect consumers’ personal information. In particular, OAG found that Sports Warehouse companies had failed to encrypt consumers’ private information on its servers and adopt appropriate data deletion practices.