A data breach at retailer Sports Direct last year was reported to the Information Commissioner’s Office but not to staff whose data may have been compromised, according to reports.
The ICO confirmed to the BBC that it was “aware of an incident” and was making enquiries.
According to technology website The Register, the breach in September saw employees’ unencrypted data stolen.
A spokesman for Sports Direct would not be drawn on the details of the breach.
“We cannot comment on operational matters in relation to cybersecurity for obvious reasons,” he told the BBC.
“It is our policy to continuously upgrade and improve our systems, and where appropriate we keep the relevant authorities informed,” he added.
The Register was told by “an inside source” that a hacker had attacked a system that Sports Direct used to run a staff portal.
New regulations coming from the EU would require companies to declare a data breach within 72 hours.
According to the ICO’s current guidelines, it is important that companies notify “individuals who may have been affected” to allow them “to take steps to protect themselves”.
Unite assistant general secretary Steve Turner told the BBC: “Sports Direct staff will be anxious to know what personal details have been hacked in this apparently serious data breach and why they weren’t immediately informed about it by their employer.
“This is potentially sensitive and personal information such as national insurance numbers and bank details that we’re talking about.
“It’s completely unacceptable that the staff affected appear not to have been informed and the data breach swept under the carpet.”
The union has contacted Sports Direct to clarify what happened in the breach, but urged staff to check their financial records, change passwords and report any suspicious activity.
Dr Jamie Greaves, chief executive at cybersecurity company ZoneFox, told the BBC: “The way Sports Direct has handled their data breach last year is a perfect example of how not to deal with a cyber-attack.
“Keeping their 30,000-strong workforce in the dark for over a year is simply unacceptable.”
It is not the first time Sports Direct has been criticised for how it treats its staff.
The chairman of the government’s Business, Innovation and Skills committee, Iain Wright, suggested that Sports Direct’s working practices were “closer to that of a Victorian workhouse than that of a modern, reputable high street retailer”.
The company has also been investigated over staff being paid below the minimum wage.