An information breach at retailer Sports activities Direct final 12 months was reported to the Data Commissioner’s Workplace however to not workers whose information could have been compromised, in line with studies.
The ICO confirmed to the BBC that it was “conscious of an incident” and was making enquiries.
In response to expertise web site The Register, the breach in September noticed workers’ unencrypted information stolen.
A spokesman for Sports activities Direct wouldn’t be drawn on the small print of the breach.
“We can’t touch upon operational issues in relation to cybersecurity for apparent causes,” he instructed the BBC.
“It’s our coverage to repeatedly improve and enhance our techniques, and the place applicable we maintain the related authorities knowledgeable,” he added.
The Register was instructed by “an inside supply” hacker had attacked a system that Sports activities Direct used to run a workers portal.
New rules coming from the EU would require firms to declare a knowledge breach inside 72 hours.
According to the ICO’s current guidelines, it is crucial firms notify “people who could have been affected” to permit them “to take steps steps to guard themselves”.
Unite assistant common secretary Steve Turner instructed the BBC: “Sports activities Direct employees might be anxious to know what private particulars have been hacked on this apparently critical information breach and why they weren’t instantly knowledgeable about it by their employer.
“That is doubtlessly delicate and private data reminiscent of nationwide insurance coverage numbers and financial institution particulars that we’re speaking about.
“It is fully unacceptable that the employees affected seem to not have been knowledgeable and the information breach swept below the carpet.”
The union has contacted Sports activities Direct to make clear what occurred within the breach, however urged workers to verify their monetary data, change passwords and report any suspicious exercise.
Dr Jamie Greaves, chief government at cybersecurity firm ZoneFox instructed the BBC: “The way in which Sports activities Direct has dealt with their information breach final 12 months is an ideal instance of how to not cope with a cyber-attack.
“Conserving their 30,000-strong workforce at the hours of darkness for over a 12 months is solely unacceptable.”
It’s not the primary time Sports activities Direct has been criticised for the way it treats its workers.
The chairman of the federal government’s Enterprise, Innovation and Expertise committee Iain Wright steered that Sports activities Direct’s working practices have been “nearer to that of a Victorian workhouse than that of a contemporary, respected excessive avenue retailer”.
The corporate has additionally been investigated over workers being paid under the minimal wage.