A data breach at retailer Sports Direct last year was reported to the Information Commissioner’s Office but not to workers whose data may have been compromised, according to reports.
The ICO confirmed to the BBC that it was “aware of an incident” and was making enquiries.
According to technology website The Register, the breach in September saw workers’ unencrypted data stolen.
A spokesman for Sports Direct would not be drawn on the details of the breach.
“We cannot comment on operational matters in relation to cybersecurity for obvious reasons,” he told the BBC.
“It is our policy to continually upgrade and improve our systems, and where appropriate we keep the relevant authorities informed,” he added.
The Register was told by “an inside source” that a hacker had attacked a system that Sports Direct used to run a staff portal.
New rules coming from the EU would require companies to declare a data breach within 72 hours.
According to the ICO’s current guidelines, it is necessary that companies notify “people who may have been affected” to allow them “to take steps to protect themselves”.
Unite assistant general secretary Steve Turner told the BBC: “Sports Direct employees might be anxious to know what personal details have been hacked in this apparently serious data breach and why they weren’t immediately informed about it by their employer.
“This is potentially sensitive and personal information such as national insurance numbers and bank details that we’re talking about.
“It is completely unacceptable that the employees affected appear not to have been informed and the data breach swept under the carpet.”
The union has contacted Sports Direct to clarify what happened in the breach, but urged workers to check their financial records, change passwords and report any suspicious activity.
Dr Jamie Greaves, chief executive at cybersecurity company ZoneFox, told the BBC: “The way Sports Direct has handled their data breach last year is a perfect example of how not to deal with a cyber-attack.
“Keeping their 30,000-strong workforce in the dark for over a year is simply unacceptable.”
It isn’t the first time Sports Direct has been criticised for the way it treats its workers.
The chairman of the government’s Business, Innovation and Skills committee, Iain Wright, suggested that Sports Direct’s working practices were “closer to that of a Victorian workhouse than that of a modern, reputable high street retailer”.
The company has also been investigated over workers being paid below the minimum wage.