Cyber Incident Victim: Dick's Sporting Goods

Dick’s Sporting Goods discovered unauthorized third-party access to its information systems on August 21, 2024, prompting an immediate activation of its cyber response plan. The company disclosed the incident in a regulatory filing with the Securities and Exchange Commission (SEC) on August 29, confirming that portions of its IT systems containing confidential information were exposed during the breach. Security experts were engaged to investigate, isolate, and contain the attack, with federal law enforcement notified of the intrusion. The retail chain stated it had no knowledge of business operations being disrupted by the incident and did not initially assess the attack as material. No details were provided regarding the attackers’ entry methods, the specific types of confidential data involved, or whether personal information was stored on compromised systems. The company also omitted any reference to extortion attempts by threat actors following the breach.

As of the disclosure date, no known ransomware groups had publicly claimed responsibility for the attack. This absence of claims led to speculation that the perpetrators might not belong to a ransomware operation or that Dick’s security team detected and contained the intrusion before file-encrypting malware could be deployed. The investigation remained ongoing, with the company continuing to assess the full scope and impact of the incident. Dick’s Sporting Goods operates over 850 retail locations under multiple brands, including Golf Galaxy and Moosejaw, alongside digital platforms such as an online store, mobile app, and live streaming service GameChanger. The breach exposed vulnerabilities in portions of this IT infrastructure, though the company maintained public confidence by emphasizing containment efforts and operational continuity. SecurityWeek contacted Dick’s for further clarification but had not received additional details by the time of publication.